Analysis of Cyber Attack Traceback Techniques from the Perspective of Network Forensics
(面向网络取证的网络攻击追踪溯源技术分析)

Authors: 刘雪花 (Liu Xuehua), 丁丽萍 (Ding Liping), 郑涛 (Zheng Tao), 吴敬征 (Wu Jingzheng), 李彦峰 (Li Yanfeng)

Author biographies:

刘雪花 (Liu Xuehua, born 1985), female, Ph.D., engineer; main research interests: information security, digital forensics.
丁丽萍 (Ding Liping, born 1965), female, Ph.D., research professor, doctoral supervisor; main research interests: information security, digital forensics.
郑涛 (Zheng Tao, born 1986), male, M.Sc.; main research interest: 5G mobile communications.
吴敬征 (Wu Jingzheng, born 1982), male, Ph.D., associate research professor; main research interests: system security, vulnerability discovery, mobile security.
李彦峰 (Li Yanfeng, born 1984), male, Ph.D., engineer; main research interests: covert channels, information security.

Corresponding author:

丁丽萍 (Ding Liping), E-mail: dingliping@gz.iscas.ac.cn

Funding:

2019 Artificial Intelligence Application Demonstration Project of Nansha District, Guangzhou Municipality, China (2019SF01); Science and Technology Planning Project of Guangzhou Municipality, China (201802020015); National Natural Science Foundation of China (61772507); Support Scheme of Guangzhou for Leading Talents in Innovation and Entrepreneurship (领军人才2016008)

Abstract:

Locating the source of a cyber attack and then collecting digital evidence effectively is one of the tasks of network forensics. Locating the source requires cyber attack traceback techniques. However, existing research on cyber attack traceback has been conducted mainly from a defensive perspective, with the primary goal of blocking the attack as early as possible by locating its source, and it rarely considers the requirements of network forensics. As a result, the large amount of valuable data generated during traceback cannot be admitted as digital evidence in litigation, and its value for network forensics cannot be fully realized. To address this, a set of forensic capability metrics is proposed for assessing the forensic capability of cyber attack traceback techniques. The latest traceback techniques, including those based on software-defined networking, are surveyed and analyzed; their forensic capability is assessed against the proposed metrics, and improvements are suggested where they fall short. Finally, a network forensics process model tailored to the cyber attack traceback scenario is proposed. This work provides a reference for research on cyber attack traceback techniques oriented toward network forensics.

Cite this article:

刘雪花, 丁丽萍, 郑涛, 吴敬征, 李彦峰. Analysis of Cyber Attack Traceback Techniques from the Perspective of Network Forensics. Ruan Jian Xue Bao/Journal of Software, 2021, 32(1): 194-217 (in Chinese with English abstract).

Article history:
  • Received: 2020-01-14
  • Revised: 2020-06-04
  • Published online: 2020-07-27
  • Published in print: 2021-01-06