Tracing Attack Traffic Through the Internet
Douglas Reeves
Abstract:
Those who launch attacks over the Internet rely upon a variety of
concealment techniques to protect them from discovery/prosecution.
Those techniques have heavily favored the attackers over the defenders
in the past. Over the past 5 years we have developed methods for
defeating more and more of those concealment techniques by analyzing
and manipulating the timing characteristics of attack traffic.
In this talk I will summarize the methods we have developed, and their
theoretical basis. Based on extensive experimentation in
the Internet, I'll show how effective these methods are, and what open
problems remain. This will include recent results concerning
cover traffic, repacketization, self-synchronization, and the ability of
attackers to reverse engineer our method.
Speaker's Bio
Douglas Reeves is a Professor of Computer Science and Electrical and
Computer Engineering at N.C. State University, where he has been
since 1987. He received his Ph.D. in Computer Science from Penn State
University. He works generally in the areas of network security and
peer-to-peer computing, with current funding from the National
Science Foundation and the Disruptive Technologies Office (formerly
ARDA). He is the general chair of ICICS06 and P2P2006.