Method and system for integrated computer networking attack...

Details Method and system for integrated computer networking attack... Method and system for integrated computer networking attack...

2005-03-10

2010-10-12

Lanier, Benjamin E (Department: 2432)

Information security

Monitoring or scanning of software or data including attack...

Intrusion detection

Reexamination Certificate

active

07814546

ABSTRACT:
A system and method for determining the point of entry of a malicious packet into a network is disclosed. An intrusion detection system detects entry of the malicious packet into the network (500). A stepping stone detection system identifies stepping stones in extended connections within the network (524). A traceback engine isolates the malicious packet in response to operation of the intrusion detection system (528), wherein the traceback engine utilizes the identified stepping stones to determine the point of entry of the malicious packet.

REFERENCES:
patent: 6009469 (1999-12-01), Mattaway et al.
patent: 6745333 (2004-06-01), Thomsen
patent: 6981158 (2005-12-01), Sanchez et al.
patent: 7200105 (2007-04-01), Milliken et al.
patent: 2002/0032871 (2002-03-01), Malan et al.
patent: 2002/0078202 (2002-06-01), Ando et al.
patent: 2003/0115485 (2003-06-01), Milliken
patent: 2004/0098618 (2004-05-01), Kim et al.
patent: 2004/0199791 (2004-10-01), Poletto et al.
patent: 2005/0132219 (2005-06-01), Robert
Belenky, A., and Ansari, On IP Traceback.IEEE Communications Magazine 41, 7 (2003), 142-153.
Bellovin, S.M., Leech, M., and Taylor, T. ICMP traceback messages. Internet Draft, Oct. 2001. draft-ietf-itrace-01.text (work in progress).
Bloom, B.H. Space/time trade-offs in hash coding with allowable errors. Communicationsof ACM 13, 7 (Jul. 1970), 422-426.
Buchholz, F.P. and Shields, C. Providing process origin information to aid in network traceback.In Proc. USENIX Annual Technical Conference(Jun. 2002).
Burch, H., and Cheswick, B. Tracing anonymous packets to their approximate source. InProc. USENIX LISA '00(Dec. 2000).
Cappe, O., Moulines, E. Pesquet, J.C., Petropulu, A., Yang, X. Long-range dependence and heavy-tail modeling for teletraffic data.IEEE Signal Processing Magazine 19-3(2002), 14-27.
Carrier, B., and Shields, C. A recursive session token protocol for use in computer forensics and tcp traceback. InProc. IEEE Infocom '02(Jun. 2002).
Donoho, D.L., Flesia, A.G., Shankar, U., Paxson, V., Coit, J., and Staniford, S. Multiscale stepping-stone detection: Detecting pairs of jittered interactive streams by exploiting maximum tolerable delay.In Proc. International Symposium on Recent Advances in Intrusion Detection(Oct. 2002), pp. 14-35.
Egevang, K., and Francis, P. The ip network address translator. RFC 1631, May 1994.
Fan, L., Cao, P. Almeida, J., and Broder, A.Z. Summary cache: a scalable wide-area web cache sharing protocol.ACM/IEEE Trans. On Networking 8, 3 (2000), 281-293.
Ferguson, P. and Senie, D. Network ingress filtering: Defeating denial of service attacks which employ IP source address spoofing. RFC 2267, Jan. 1998.
Hazeyama, H., Oe, M., and Kadobayashi, Y. A layer-2 extension to hash-based IP traceback.IEICE Trans. on Information&Systems, Nov. 2003.
Howard, J.D. An analysis of security incidents on the internet. 1989-1995. PhD Thesis. Apr. 1997. http://www.cert.org/research/JHThesis/Start.html.
Johns, M. S. Identification Protocol. RFC 1413, Feb. 1993.
Jones, C.E., Tchakountio, F., Snoeren, A.C., Schwartz, B., Clements, R.C., Condell, M., Partridge, C., and Strayer, W.T. Traceback of ip packet transformations. Internal technical memo, BBN Technologies, 2002.
Jung, H.T., Kim, H.L., Seo, Y., Choe, G., Min, S.L., and Kim, C.S. Caller identification system in the internet environment. InProc. USENIX Security Symposium '93(Oct. 1993).
Lee, S.C., and Shields, C. Tracing the source of network attack: A technical, legal and societal problem. In Proc.IEEE Systems, Man, and Cybernetics Information Assurance Workshop(2001).
Libes, D. The Expect home page. Tech. rep., National Institute of Standards and Technology. http://expect.nist.gov/, Jun. 11, 2004.
Mankin, A., Massey, D., Wu, C.L. Wu, S.F., and Zhang, L. On design and evaluation of “intention-driven” ICMP traceback. InProc. IEEE International Conference on Computer Communications and Networks(Oct. 2001).
Partridge, C., Cousins, D.B., Jackson, A.W., Krishnan, R., Saxena, T., and Strayer, W.T. Using signal processing to analyze wireless data traffic. In Proc.ACM Workshop on Wireless Security(WiSe) (Sep. 2002).
Paxson, V. Bro: A system for detecting network intruders in real-time. InProc. USENIX Security Symposium, Jan. 1998.
Paxson, V. An analysis of using reflectors for distributed denial-of-service attacks.ACM Comp. Comm. Review 31.3(2001).
Perkins, C.E. IP mobility support for IPv4. RFC 3344. Aug. 2002.
Rekhter, Y., Moskowitz, B., Karrenberg, D., De Groot, G.J., and Lear, E. Address allocation for private internets. RFC 1918, Feb. 1996.
Sager, G. Security fun with OCxmon and cflowd. Internet 2 Working Group Meeting, Nov. 1998. http://www.caida.org/projects/NGI/content/security/1198.
Sanchez, L.A., Milliken, W.C., Snoeren, A.C., Tchakountio, F., Jones, C.E., Kent, S.T., Partridge, C., and Strayer, W.T. Hardware support for a hash-based IP traceback.In Proc. Second DARPA Information Survivability Conference and Exposition(Jun. 2001), vol. 2, pp. 146-152.
Savage, S., Wetherall, D., Karlin, A., and Anderson, T. Network support for IP traceback.ACM/IEEE Trans. on Networking 9, 3(Jun. 2001), 226-239.
Schnackenberg, D., Djahandari, K., and Sterne, D. Infrastructure for intrusion detection and response. InProc. First DARPA Information Survivability Conference and Exposition(Jan. 2000).
Snapp, S.R., Brentano, J., Dias, G.V., Goan, T.L., Heberlein, L.T., Ho, C.L., Levitt, K.N., Mukherjee, B., Smaha, S.E., Grance, T., Teal, D.M., and Mansur, D. DIDS (distributed intrusion detection system)- motivation, architecture, and an early prototype. InProc. National Computer Security Conference(Oct. 1991), pp. 167-176.
Snoeren, A.C., Partridge, C., Sanchez, L.A., Jones, C.E., Tchakountio, F., Schwartz, B., Kent, S.T., and Strayer, W.T. Single-packet IP traceback.ACM/IEEE Trans. on Networking(Dec. 2002).
Song, D.X., and Perrig, A. Advanced and authenticated marking schemes for IP traceback. InProc. IEEE Infocom '01(Apr. 2001).
Staniford-Chen, S., and Heberlein, L.T. Holding intruders accountable on the internet. InProc. IEEE Symposium on Security and Privacy '95(May 1995), pp. 39-49.
Stone, R. CenterTrack: An IP overlay network for tracking DoS floods. InProc. USENIX Security Symposium '00(Aug. 2000).
Wang, X., and Reeves, D.S. Robust correlation of encrypted attack traffic through stepping stones by manipulation of interpacket delays. InProc. ACM Symposium on Computer and Communications Security(CCS) (Oct. 2003).
Wang, X., Reeves, D.S., and Wu, S.F. Inter-packet delay based on correlation for tracing encrypted connections through stepping stones. InProc. European Symposium on Research in Computer Security(Oct. 2002), pp. 244-263.
Wang, X., Reeves, D.S., Wu, S.F., and Yuill, J. Sleepy watermark tracing: An active network-based intrusion response framework. InProc. International Conference on Information Security(Jun. 2001), pp. 369-384.
Yoda, K., and Etoh, H. Finding a connection chain for tracing intruders. InProc. European Symposium on Research in Computer Security(Oct. 2000), pp. 191-205.
Zhang, Y., and Paxson, V. Detecting stepping stones.In Proc. USENIX Security Symposium '00(Aug. 2000), pp. 171-184.

Affiliated with

Also associated with

Rating

Method and system for integrated computer networking attack... does not yet have a rating. At this time, there are no reviews or comments for this patent.

If you have personal experience with Method and system for integrated computer networking attack..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and system for integrated computer networking attack... will most certainly appreciate the feedback.

Rate now

Comments { 0 }

Profile ID: LFUS-PAI-O-4194304