ATTACK TRACEBACK AND ATTRIBUTION

YONG GUAN AND LINFENG ZHANG

Iowa State University, Ames, Iowa

1 INTRODUCTION

With the growth of the Internet, cyber attacks happen every day and everywhere. It is very important that we trace back and attribution the real attackers. In this article, we discuss the current techniques in cyber attack traceback. We focus on the present schemes in Internet Protocol (IP) spoofing traceback and stepping stone attack attribution. Furthermore, we introduce the traceback issues in Voice over Internet Protocol (VoIP), botnet, and anonymous systems.

2 SCIENTIFIC OVERVIEW

With the phenomenal growth of the Internet, more and more people enjoy and depend on the convenience of its provided services. The Internet has spread rapidly to almost all over the world. Up to December 2006, the Internet has distributed to over 233 countries and world regions, and has more than 1.09 billion users [1]. Unfortunately, the wide use of computer and Internet also has opened doors to cyber attackers. There are different kinds of attacks that an end user of a computer or Internet has to face. For instance, there may be various viruses on the hard disk, there may be several backdoors opened in the operating system, and there may be a lot of phishing e-mails in his/her mailbox, and so on. According to the annual Computer Crime Report of Computer Security Institute (CSI) and the US Federal Bureau of Investigation (FBI) released in 2006 [2], cyber attacks cause a lot of money losses ...