Analysis of Cyber Attack Traceback Techniques from the Perspective of Network Forensics

Cited by: 0
Authors
Liu X.-H. [1 ,2 ]
Ding L.-P. [1 ,3 ,4 ]
Zheng T. [5 ]
Wu J.-Z. [6 ]
Li Y.-F. [1 ,2 ]
Affiliations
[1] Laboratory of Parallel Software and Computational Science, Institute of Software, Chinese Academy of Sciences, Beijing
[2] School of Computer Science and Technology, University of Chinese Academy of Sciences, Beijing
[3] Digital Forensics Laboratory, Institute of Software Application Technology, Guangzhou & Chinese Academy of Sciences (GZIS), Guangzhou
[4] Guangdong Chinese Academy of Sciences & Realdata Science and Technology Co. Ltd., Guangzhou
[5] China Unicom VSENS Communications Co. Ltd., Beijing
[6] Intelligent Software Research Center, Institute of Software, Chinese Academy of Sciences, Beijing
Source
Ruan Jian Xue Bao/Journal of Software | 2021 / Vol. 32 / No. 1
Funding
National Natural Science Foundation of China
Keywords
Cyber attack traceback; Forensics process model; IP traceback; Network forensics; The admissibility of digital evidence; The probative force of digital evidence;
DOI
10.13328/j.cnki.jos.006105
Abstract
Locating the source of a cyber attack and then collecting digital evidence is one of the tasks of network forensics. Cyber attack traceback techniques are used to locate the source of a cyber attack. However, current research on cyber attack traceback is conducted mainly from a defensive perspective, aiming to block the attack as soon as possible by locating its source, and rarely considers the acquisition of digital evidence. As a result, the large amount of valuable digital evidence generated during cyber attack traceback cannot be used in prosecutions, and its value in network forensics cannot be fully exploited. Therefore, a set of forensics capability metrics is proposed to assess the forensics capability of cyber attack traceback techniques. The latest cyber attack traceback techniques, including cyber attack traceback based on software-defined networking, are summarized and analyzed. Their forensics capability is analyzed and suggestions for improvement are provided. Finally, a specific forensics process model for cyber attack traceback is proposed. This paper provides a reference for research on cyber attack traceback technology aimed at network forensics. © Copyright 2021, Institute of Software, the Chinese Academy of Sciences. All rights reserved.
Pages: 194-217
Page count: 23