Accession Number:

ADA468859

Title:

Techniques for Cyber Attack Attribution

Descriptive Note:

Study rept.

Corporate Author:

INSTITUTE FOR DEFENSE ANALYSES ALEXANDRIA VA

Personal Author(s):

• Wheeler, David A.
• Larsen, Gregory N.

Report Date:

2003-10-01

Pagination or Media Count:

82.0

Abstract:

This paper summarizes various techniques to perform attribution of computer attackers who are exploiting data networks. Attribution can be defined as determining the identity or location of an attacker or an attackers intermediary. In the public literature traceback or source tracking are often used as terms instead of attribution. This paper is intended for use by the U.S. Department of Defense DoD as it considers if it should improve its attribution capability, and if so, how to do so. However, since the focus of this paper is on technology, it may also be of use to many others such as law enforcement personnel. This is a technical report, and assumes that the reader understands the basics of network technology, especially the Transmission Control ProtocolInternet Protocol TCPIP suite of protocols.

Descriptors:

• *COMPUTER NETWORKS
• *CYBERTERRORISM
• DEPARTMENT OF DEFENSE
• DATA PROCESSING SECURITY
• INTRUSION DETECTION(COMPUTERS)
• INFORMATION ASSURANCE
• INTERNET
• DATA TRANSMISSION SYSTEMS
• ATTACK

Subject Categories:

• Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE