Abstract
Since current internet intruders conceal their real identity by distributed or disguised attacks, it is not easy to deal with intruders properly only with an ex post facto chase. Therefore, it needs to trace the intruder in real time. Existing real-time intruder tracing systems has a spatial restriction. The security domain remains unchanged if there is no system security officer’s intervention after installing the tracing system. It is impossible to respond to an attack which is done out of the security domain. This paper proposes selfreplication mechanism, a new approach to real-time intruder tracing, minimizing a spatial limitation of traceable domain. The real-time tracing supports prompt response to the intrusion, detection of target host and laundering hosts. It also enhances the possibility of intruder identification. Collected data during the real-time tracing can be used to generate a hacking scenario database and can be used as legal evidence.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
S.S. Chen & L.T. Heberlein: Holding Intruders Accountable on the Internet. In Proceedings of the IEEE Symposium on Security and Privacy, (1995) 39–49
G. Eschelbeck: Active Security-A proactive approach for computer security systems. Journal of Network and Computer Applications, 23, (2000) 109–130
D. Schnackenberg, K. Djahandari & D. Sterne: Infrastructure for Intrusion Detection and Response, Advanced Security Research Journal, 3, (2001) 17–26
H.T. Jung et al.: Caller Identification System in the Internet Environment, In Proceedings of Usenix Security Symposium, (1993)
S. Snapp et al.: DIDS(Distributed Intrusion Detection System)-Motivation, Architecture, and an early prototype. In Proceedings of National Computer Security Conference, (1991) 167–176
M.R. Cornwell: A Software Engineering Approach to Designing Trustworthy Software. In Proceedings of the Symposium on Security and Privacy, (1989) 148–156
M. Bishop: A Model of Security Monitoring. In Proceedings of the Annual Computer Security Applications Conference, (1989) 46–52
S. S. Chen: Distributed tracing of intruder, Thesis of master’s degree, Dept. of Computer Science, U.C.Davis. (1997)
K. Yoda and H. Etoh: Finding a Connection Chain for Tracing Intruders. In Proceedings of 6th European Symposium on Research in Computer Security-ESORICS 2000 LNCS-1985, Toulouse France (2000)
H. Jang & S. Kim: A Self-Extension Monitoring for Security Management. In Proceeding of the 16th Annual Computer Security Applications Conference, (2000) 196–203
W.R. Stevens: Advanced Programming in the UNIX Environment, Addison-Wesley Publishing Company, (1992) 631–658
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2002 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Jang, H., Kim, S. (2002). Real-Time Intruder Tracing through Self-Replication. In: Chan, A.H., Gligor, V. (eds) Information Security. ISC 2002. Lecture Notes in Computer Science, vol 2433. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45811-5_1
Download citation
DOI: https://doi.org/10.1007/3-540-45811-5_1
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-44270-7
Online ISBN: 978-3-540-45811-1
eBook Packages: Springer Book Archive