Patent
Log-based traceback system and method using centroid decomposition technique
Jonghyun Kim, Geon Lyang Kim, Seon Gyoung Sohn, Beom Hwan Chang, Chi Yoon Jeong, Jong Ho Ryu, Jung Chan Na, Jong Soo Jang, Sung Won Sohn +8 more
- 21 Nov 2007
44
TL;DR: The centroid decomposition technique is used to detect an attacker by removing a leaf node from the shortest path tree to find a centroid node and generating a centroid tree whose node at each level is the detected centroid node.
Abstract: A system and method are provided for tracing back an attacker by using a centroid decomposition technique. The system includes: a log data input module that collects log data of an intrusion alarm from an intrusion detection system; a centroid node detection module that generates a shortest path tree by applying a shortest path algorithm to network router connection information collected by a network administration server, detects a centroid node by applying to the shortest path tree a centroid decomposition technique that removes a leaf node, and generates a centroid tree whose node at each level is the detected centroid node; and a traceback processing module that requests the log data of the router matched with the node at each level of the centroid tree, compares that router's log data with the log data of the collected intrusion alarm, and traces back the router whose log data is identical to the log data of the collected intrusion alarm as the router connected to the source of the attacker. According to the system and method, an attacker causing a security intrusion event may be quickly detected, the load on the system is reduced, and a passage host that is exposed to danger or has weaknesses may be easily recognized, making it easier to cope with an attack.
Citations
Patent
Network Function Virtualization for a Network Device
Peter Ashwood-Smith, Mehdi Arashmid Akhavain Mohammadi, Evelyne Roch +2 more
- 10 Jan 2014
TL;DR: In this article, the authors propose an apparatus for performing network function virtualization (NFV) comprising a memory, a processor coupled to the memory, wherein the memory includes instructions that when executed by the processor cause the apparatus to perform the following: receive an instruction to virtualize a network device within a network, divide, according to the instruction, the network device into a plurality of network functions (NFs) used to form a virtualized network node, launch the NFs within one or more virtual containers, and group the virtual containers together using a group identifier (ID) that
285
Patent
Automated access, key, certificate, and credential management
Tatu Ylonen
- 21 Dec 2012
TL;DR: In this article, the authors provide means for managing automated access to computers, e.g., using SSH user keys and other kinds of trust relationships, such as certificates, Kerberos credentials, and cryptographic keys.
219
Patent
System that provides early detection, alert, and response to electronic threats
Yuval Elovici, Gil Tachan, Asaf Shabtai +2 more
- 04 Feb 2008
TL;DR: In this article, a computer system that provides early detection, alert, and response to electronic threats (eThreats) in large wide area networks, e.g., the network of an Internet Services Provider or a Network Services Provider, is presented.
154
Patent
Techniques for behavior based malware analysis
Sandeep Bhatkar, Susanta Nanda, Jeffrey Wilhelm +2 more
- 14 Mar 2011
TL;DR: In this paper, techniques for behavior-based malware analysis are described, including using observable events to identify low-level actions, analyzing a plurality of low-level actions to identify at least one high-level behavior, and providing an output of the at least one high-level behavior.
76
Patent
Method and system for network connection chain traceback using network flow data
Yang Seo Choi, Ik Kyun Kim, Min Ho Han, Jung-Tae Kim, Jonghyun Kim +4 more
- 02 Mar 2015
TL;DR: In this article, a method and a system are described for network connection chain traceback using network flow data, in order to trace the attack source site of cyber hacking attacks that go by way of various sites, without adding new network equipment or modifying a standard protocol, when the cyber hacking attack occurs in the Internet and an internal network.
64
References
Patent
Real-time packet traceback and associated packet marking strategies
Ihab Hamadeh,George Kesidis +1 more
- 11 Jul 2003
TL;DR: In this paper, the authors propose to use partial address information to trace packet flows back to a trusted point as near as possible to the source of the flow in question, without requiring the assistance of outside network operators.
102
Patent
Method for source-spoofed IP packet traceback
Walter Clark Milliken
- 15 Feb 2006
TL;DR: In this paper, an IP packet traceback technique for locating the origin of a malicious packet, even if the packet's IP source address is incorrect (spoofed), is presented.
95
Patent
Implicit routing in content based networks
Craig Betts, David Pochopsky, Martin Barnes, Greg Bertin, Peter Ashton, Wayne Burwell, Steven Buchko, Jonathan L. Bosloy, Shawn Mcallister +8 more
- 16 Dec 2004
TL;DR: In this article, a link state protocol maintains each network element's topological view of the overlay network from the underlying network, and a subscription management protocol ensures dissemination of published content within the content-based network independently of the link-state protocol.
79
Patent
Information processing device, information recording medium manufacturing device, information recording medium, methods thereof, and computer program
Yoshikazu Takashima
- 16 Feb 2006
TL;DR: An information processing device for executing content reproduction processing includes: a content reproduction unit for executing data transformation processing for replacing a part of configuration data of input content to be reproduced with transformation data, and executing processing for reproducing the reproduction content as mentioned in this paper.
61
Patent
Method for on demand distributed hash table update
Eunsoo Shim,Sathya Narayanan +1 more
- 31 Mar 2006
TL;DR: In this paper, the authors propose a method for managing communication in a peer-to-peer network in which overlay information is updated on-demand such that neighboring node information updates at least periodically and other overlay information from standard communications.
59