Internet Attack Traceback: Cross-Validation and Pebble-Trace

Lee, David; Lai, Ten H.

Internet Attack Traceback: Cross-Validation and Pebble-Trace

Active / Technical Report | Accession Number: ADA578556 |

Open PDF

Abstract:

On the Internet, attackers often launch attacks through stepping-stones to steal confidential information from victims. Hiding behind stepping-stones, attackers thus avoid being traced back. In this project, the problem of Internet attack traceback was studied. A Pebbletrace scheme was proposed, which imbeds zero-day based Pebbleware in the stolen information and thereby enables one to trace back to the attackers machine which has the stolen information. A Pebbletrace prototype was built and focused on two cases 1 the attacker steals a PDF file and 2 the attacker steals sensitive information through Zeus botnets. In the two cases, the project showed how to create Pebbleware automatically based on zero-day vulnerabilities, and how Pebbletrace reveals attackers whose machines are vulnerable to these zero-days.

Author(s):

Lee, David ; Lai, Ten H.

Author Organization(s):

OHIO STATE UNIV COLUMBUS DEPT OF COMPUTER SCIENCE AND ENGINEERING

Descriptive Note:

Final rept. 1 Apr 2009-30 Nov 2012

Supplementary Note:

The original document contains color images. DOI: 10.21236/ADA578556

Pagination:

0031

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:

Approved For Public Release

Distribution Statement:

Approved For Public Release; Distribution Is Unlimited.

RECORD

Collection: TR

Identifying Numbers

Report Number(s):

AFRL-OSR-VA-TR-2013-0159

Contract/Grant Number(s):

FA9550-09-1-0280

Monitor Series:

TR-2013-0159, AFRL-OSR-VA

Subject Terms

Joint Capability Areas:

JCA_6_Net Centric; JCA_6.4.1_Secure Information Exchange; JCA_6.4_Information Assurance; JCA_3.2_Engagement; JCA_3_Force Application; JCA_3.2.2_Non-Kinetic Means; JCA_6.1.3_Switching and Routing; JCA_6.1_Information Transport; JCA_7.1.2_Prevent Non-kinetic Attack; JCA_7.1_Prevent; JCA_7_Protection; JCA_6.2.1_Information Sharing; JCA_6.2.2_Computing Services; JCA_6.2.3_Core Enterprise Services; JCA_6.2_Enterprise Services; JCA_1.2.5_Lessons Learned; JCA_1.2_Force Preparation; JCA_1_Force Support

Communities of Interest:

No COI(s) Identified

Descriptor(s):

*HACKING(COMPUTER SECURITY), *INTERNET, *VULNERABILITY, ATTACK, CASE STUDIES, COMPUTER FILES, IDENTIFICATION, INFORMATION SECURITY

Field(s)/Group(s):

Computer Programming and Software, Computer Systems Management and Standards

Keyword(s):

BOTNETS, PEBBLETRACE, PEBBLEWARE, TRACEBACK, ZERO DAY VULNERABILITY

Report Date:

2013 Feb 28

Creation Date:

2013 Jun 24