Techniques for Cyber Attack Attribution
INSTITUTE FOR DEFENSE ANALYSES ALEXANDRIA VA
Pagination or Media Count:
This paper summarizes various techniques to perform attribution of computer attackers who are exploiting data networks. Attribution can be defined as determining the identity or location of an attacker or an attackers intermediary. In the public literature traceback or source tracking are often used as terms instead of attribution. This paper is intended for use by the U.S. Department of Defense DoD as it considers if it should improve its attribution capability, and if so, how to do so. However, since the focus of this paper is on technology, it may also be of use to many others such as law enforcement personnel. This is a technical report, and assumes that the reader understands the basics of network technology, especially the Transmission Control ProtocolInternet Protocol TCPIP suite of protocols.
- Computer Systems Management and Standards