Analysis of Cyber Attack Traceback Techniques from the Perspective of Network Forensics
Fund Project:

2019 Artificial Intelligence Application Demonstration Project of Nansha District, Guangzhou Municipality, China (2019SF01); Science and Technology Planning Project of Guangzhou Municipality, China (201802020015); National Natural Science Foundation of China (61772507); Support Scheme of Guangzhou for Leading Talents in Innovation and Entrepreneurship (领军人才2016008)

    Abstract:

    Locating the source of a cyber attack and then collecting digital evidence is one of the tasks of network forensics. Cyber attack traceback techniques are used to locate the source of a cyber attack. However, current research on cyber attack traceback is mainly conducted from a defensive perspective, aiming to block the attack as soon as possible by locating its source, and rarely considers the acquisition of digital evidence. As a result, the large amount of valuable digital evidence generated during cyber attack traceback cannot be used in prosecutions, and its value in network forensics cannot be fully exploited. Therefore, a set of forensics capability metrics is proposed to assess the forensics capability of cyber attack traceback techniques. The latest cyber attack traceback techniques, including traceback based on software-defined networking, are summarized and analyzed. Their forensics capability is analyzed and some suggestions for improvement are provided. Finally, a specific forensics process model for cyber attack traceback is proposed. This paper provides a reference for research on cyber attack traceback technology aimed at network forensics.

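Citation:

Liu Xuehua, Ding Liping, Zheng Tao, Wu Jingzheng, Li Yanfeng. Analysis of Cyber Attack Traceback Techniques from the Perspective of Network Forensics. Journal of Software (软件学报), 2021, 32(1): 194-217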

History
  • Received: January 14, 2020
  • Revised: June 04, 2020
  • Online: July 27, 2020
  • Published: January 06, 2021
Copyright: Institute of Software, Chinese Academy of Sciences Beijing ICP No. 05046678-4