Real-Time Intruder Tracing through Self-Replication [chapter]

Heejin Jang, Sangwook Kim
2002 Lecture Notes in Computer Science  
Since current internet intruders conceal their real identity by distributed or disguised attacks, it is not easy to deal with intruders properly only with an ex post facto chase. Therefore, it needs to trace the intruder in real time. Existing real-time intruder tracing systems has a spatial restriction. The security domain remains unchanged if there is no system security officer's intervention after installing the tracing system. It is impossible to respond to an attack which is done out of
more » ... security domain. This paper proposes selfreplication mechanism, a new approach to real-time intruder tracing, minimizing a spatial limitation of traceable domain. The real-time tracing supports prompt response to the intrusion, detection of target host and laundering hosts. It also enhances the possibility of intruder identification. Collected data during the real-time tracing can be used to generate a hacking scenario database and can be used as legal evidence.
doi:10.1007/3-540-45811-5_1 fatcat:6aacttpffzbajnm5du2c2gvvwy