Tracing Based Active Intrusion Response
ABSTRACT
Network-based intrusion has become a serious threat to today's highly networked information systems. Existing intrusion defense approaches such as intrusion prevention, detection, tolerance and response are "passive" in responding to network-based intrusions: their countermeasures are limited to being local to the intrusion target, and there is no automated, network-wide counteraction against detected intrusions. While they all play an important role in counteracting network-based intrusion, they do not effectively address the root cause of the problem: the intruders.
What is missing from existing intrusion prevention, detection, tolerance and response is an effective way to identify network-based intruders and hold them accountable for their intrusions. Network-based intrusion cannot be effectively repelled or eliminated until its source is known.
In this paper, we propose Tracing Based Active Intrusion Response (TBAIR) as a new way to address the problem of network-based intrusion. Based on Sleepy Watermark Tracing (SWT), TBAIR is able to trace, in real time, a detected intrusion that uses stepping stones to disguise its origin, and to dynamically push intrusion countermeasures such as remote monitoring, blocking, containment and isolation close to the source of the intrusion. It also helps to apprehend intruders on the spot and hold them accountable for their intrusions.
AUTHORS
North Carolina State University, NC
USA
Xinyuan Wang received his B.S. in Computer Science from Peking University (PR China) and his M.S. in Computer Science from the Beijing Institute of Information Control (PR China). He is currently pursuing a Ph.D. in Computer Science at North Carolina State University, USA. His primary research interest is network security, especially real-time intrusion tracing and source identification, active intrusion response and active network security.
Professor of Computer Science at N.C. State University
Douglas S. Reeves, Ph.D., is a Professor of Computer Science at N.C. State University. He received his Ph.D. in Computer Science from Pennsylvania State University in 1987. His research interests include quality of service issues for packet networks, and network security.
Associate Professor of Computer Science, University of California at Davis
USA
S. Felix Wu, Ph.D., received his Ph.D. in Computer Science from Columbia University in 1995, and he is currently an Associate Professor of Computer Science at the University of California at Davis, USA. His research focuses on computer security, specifically intrusion detection and protection for network protocols, detection and identification of the source of Denial of Service (DoS) attacks, automatic response to faults and intrusions, and intrusion tolerance and extended transaction management.
Published In
Journal of Information Warfare