Forensic Analysis for Epidemic Attacks in Federated Networks

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Yinglian Xie Articles by Vyas Sekar Articles by Michael Reiter Articles by Hui Zhang

Proceedings of the 2006 IEEE International Conference on Network Protocols

Fess parker's Doubletree, Santa Barbara, Ca, USA

November 12-November 15

ISBN: 1-4244-0593-9

	ASCII Text	x
	Yinglian Xie, Vyas Sekar, Michael Reiter, Hui Zhang, "Forensic Analysis for Epidemic Attacks in Federated Networks," Network Protocols, IEEE International Conference on, pp. 43-53, Proceedings of the 2006 IEEE International Conference on Network Protocols, 2006.

	BibTex	x
	@article{ 10.1109/ICNP.2006.320197, author = {Yinglian Xie and Vyas Sekar and Michael Reiter and Hui Zhang}, title = {Forensic Analysis for Epidemic Attacks in Federated Networks}, journal ={Network Protocols, IEEE International Conference on}, volume = {0}, year = {2006}, isbn = {1-4244-0593-9}, pages = {43-53}, doi = {http://doi.ieeecomputersociety.org/10.1109/ICNP.2006.320197}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Network Protocols, IEEE International Conference on TI - Forensic Analysis for Epidemic Attacks in Federated Networks SN - 1-4244-0593-9 SP43 EP53 A1 - Yinglian Xie, A1 - Vyas Sekar, A1 - Michael Reiter, A1 - Hui Zhang, PY - 2006 VL - 0 JA - Network Protocols, IEEE International Conference on ER -

Yinglian Xie, Carnegie Mellon University, ylxie@cs.cmu.edu

Vyas Sekar, Carnegie Mellon University, vyass@cs.cmu.edu

Michael Reiter, Carnegie Mellon University, reiter@cs.cmu.edu

Hui Zhang, Carnegie Mellon University, hzhang@cs.cmu.edu

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ICNP.2006.320197

We present the design of a Network Forensic Alliance (NFA), to allow multiple administrative domains (ADs) to jointly locate the origin of epidemic spreading attacks. ADs in the NFA collaborate in a distributed protocol for post-mortem analysis of worm-like attacks. Information exchange between any two participating ADs is limited to traffic records that are known to both sides, maintaining the privacy of participants. Such an architecture is incentive-compatible ? participants benefit by gaining better local investigative capabilities, even with partial deployment. Further, we show that by sharing local investigation results, ADs can achieve global investigative capabilities that are comparable to a centralized implementation with access to global traffic records. Our evaluation demonstrates that it is feasible for large-scale attack investigation to be incrementally deployed in an Internet-like federation.

Citation:

Yinglian Xie, Vyas Sekar, Michael Reiter, Hui Zhang, "Forensic Analysis for Epidemic Attacks in Federated Networks," icnp, pp.43-53, Proceedings of the 2006 IEEE International Conference on Network Protocols, 2006

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.