The problem isn't attribution: It's multi-stage attacks
Author(s)
Clark, David D.; Landau, Susan
DownloadFinal published version. (950.9Kb)
Terms of use
Metadata
Show full item recordAbstract
As a result of increasing spam, DDoS attacks, cybercrime, and data exfiltration from corporate and government sites, there have been multiple calls for an Internet architecture that enables better network attribution at the packet layer. The intent is for a mechanism that links a packet to some packet level personally identifiable information (PLPII). But cyberattacks and cyberexploitations are more different than they are the same. One result of these distinctions is that packet-level attribution is neither as useful nor as necessary as it would appear.
In this paper we discuss why network-level personal attribution is of limited forensic value. We analyze the different types of Internet-based attacks, and observe the role that currently available alternatives to attribution already play in deterrence and prosecution. We focus on the particular character of multi-stage network attacks, in which machine A penetrates and “takes over” machine B, which then does the same to machine C, etc. We consider how these types of attacks might be traced, and observe that any technical contribution can only be contemplated in the larger regulatory context of various legal jurisdictions. Finally we examine the costs of PLPII mechanisms.
Date issued
2010-11-30Publisher
© Association for Computing Machinery, New York, NY, USA
Citation
Clark, D. D., & Landau, S. (2010). The problem isn't attribution: It's multi-stage attacks. Proceedings of the Re-Architecting the Internet Workshop (ReARCH '10), Article 11, 1–6.
Version: Final published version.
Collections
The following license files are associated with this item: