Analysis of Cyber Attack Traceback Techniques from the Perspective of Network Forensics

Cited by: 0
Authors
Liu X.-H. [1 ,2 ]
Ding L.-P. [1 ,3 ,4 ]
Zheng T. [5 ]
Wu J.-Z. [6 ]
Li Y.-F. [1 ,2 ]
Affiliations
[1] Laboratory of Parallel Software and Computational Science, Institute of Software, Chinese Academy of Sciences, Beijing
[2] School of Computer Science and Technology, University of Chinese Academy of Sciences, Beijing
[3] Digital Forensics Laboratory, Institute of Software Application Technology, Guangzhou & Chinese Academy of Sciences (GZIS), Guangzhou
[4] Guangdong Chinese Academy of Sciences & Realdata Science and Technology Co. Ltd., Guangzhou
[5] China Unicom VSENS Communications Co. Ltd., Beijing
[6] Intelligent Software Research Center, Institute of Software, Chinese Academy of Sciences, Beijing
Source
Ruan Jian Xue Bao/Journal of Software | 2021 / Vol. 32 / No. 1
Funding
National Natural Science Foundation of China;
Keywords
Cyber attack traceback; Forensics process model; IP traceback; Network forensics; The admissibility of digital evidence; The probative force of digital evidence;
DOI
10.13328/j.cnki.jos.006105
Abstract
Locating the source of a cyber attack and then collecting digital evidence is one of the tasks of network forensics. Cyber attack traceback techniques are used to locate the source of a cyber attack. However, current research on cyber attack traceback is conducted mainly from a defensive perspective, aimed at blocking the attack as quickly as possible by locating its source, and rarely considers the acquisition of digital evidence. As a result, the large amount of valuable digital evidence generated during the traceback process cannot be used in prosecutions, and its value for network forensics cannot be fully exploited. Therefore, a set of forensics capability metrics is proposed to assess the forensics capability of cyber attack traceback techniques. The latest cyber attack traceback techniques, including traceback based on software-defined networking, are summarized and analyzed. Their forensics capability is assessed and suggestions for improvement are provided. Finally, a forensics process model specific to cyber attack traceback is proposed. The work of this paper provides a reference for research on cyber attack traceback technology aimed at network forensics. © Copyright 2021, Institute of Software, the Chinese Academy of Sciences. All rights reserved.
Pages: 194-217
Page count: 23