Tracking Illegal System Access in a Ubiquitous Environment – Proposal for ATS, a Traceback System Using STOP

  • Gwanghoon Kim
  • Soyeon Hwang
  • Deokgyu Lee
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3983)


In a ubiquitous environment, the boundaries of network topology can change irregularly. In this paper, an Agent-based Traceback System (ATS) is proposed to track attacks that utilize systems within an area of the network topology that has been marked for management purposes. Some of the information exchanged within the proposed system utilizes the previously verified STOP [1]. The additional information provided by utilizing the ATS proposed in this paper will greatly enhance the reliability of the traceback process. In addition, the proposed system is flexible enough to be applied to resource management systems as well.


Internal Network Network Interface Port Number Packet Header Ubiquitous Environment 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Carrier, B., Shields, C.: The Session Token Protocol for Forensics and Traceback. ACM Transactions on Information and System Security 7(3) (2004)Google Scholar
  2. 2.
    Park, K., Lee, H.: On the effectiveness of probabilistic packet marking for IP under denial of service attack. In: Proc. IEEE INFOCOM 2001, pp. 338–347 (2001)Google Scholar
  3. 3.
    Song, D.X., Perrig, A.: Advanced and Authenticated Marking Scheme for IP Traceback. In: Proc. Infocom, vol. 2, pp. 878–886 (2001)Google Scholar
  4. 4.
    Bellovin, S., Taylor, T.: ICMP Traceback Messages. RFC 2026, Internet Task Force (2003)Google Scholar
  5. 5.
    Savage, S., Wetherall, D., Karlin, A., Anderson, T.: Practical Network Support for IP Traceback. Technical Report UW-CSE-2000-02-01, Department of Computer Science and Engineering, University of WashingtonGoogle Scholar
  6. 6.
    Stone, R.: CenterTrack: an IP overlay network for tracking DoS floods. In: Proc. 9th Usenix Security Symp. (2000)Google Scholar
  7. 7.
    Snoeren, A.C., Partridge, C., Sanchez, L.A., Strayer, W.T., Jones, C.E., Tchakountio, F., Kent, S.T.: Hash-Based IP Traceback. BBN Technical Memorandum No. 1284 (2001)Google Scholar
  8. 8.
    Chang, H.Y., et al.: Deciduous: Decentralized Source Identification for Network-based Intrusions. In: Proc. 6th IFIP/IEEE Int’l Symp., Integrated Net., Mmgt. (1999)Google Scholar
  9. 9.
    Jung, H.T., Kim, H.L., Seo, Y.M., Choe, G., Min, S.L., Kim, C.S., Koh, K.: Caller Identification system in the Internet environment. In: UNIX Security Symposium IV PRoceedings (1993)Google Scholar
  10. 10.
    Johns, M.S.: Authentication server. RFC 931, TPSCGoogle Scholar
  11. 11.
    Johns, M.S.: Identification Protocol, RFC 1413, US Department of DefenseGoogle Scholar
  12. 12.
    Baba, T., Matsuda, S.: Tracing Network Attacks to Their Sources. IEEE Internet Computing (2002)Google Scholar
  13. 13.
    Belenky, A., Ansari, N.: On IP Traceback. IEEE Communication Magazine (2003)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Gwanghoon Kim
    • 1
  • Soyeon Hwang
    • 1
  • Deokgyu Lee
    • 2
  1. 1.INFOSEC, Co.LTD.SeoulKorea
  2. 2.Divison of Information Technology EngineeringSoonChunHyang UniversityAsan-si, ChoongNamKorea

Personalised recommendations