Shanmugasundaram et al., 2004 - Google Patents
Payload attribution via hierarchical bloom filters
- Document ID
- 17441446433125131889
- Author
- Shanmugasundaram K
- Brönnimann H
- Memon N
- Publication year
- Publication venue
- Proceedings of the 11th ACM conference on Computer and communications security
Snippet
Payload attribution is an important problem often encountered in network forensics. Given an excerpt of a payload, finding its source and destination is useful for many security applications such as identifying sources and victims of a worm or virus. Although IP …
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
- H04L63/0218—Distributed architectures, e.g. distributed firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0263—Rule management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0245—Filtering by information in the payload
Similar Documents
Publication | Title | Publication Date |
---|---|---|
Shanmugasundaram et al. | Payload attribution via hierarchical bloom filters | |
US7933208B2 (en) | Facilitating storage and querying of payload attribution information | |
Whyte et al. | DNS-based Detection of Scanning Worms in an Enterprise Network. | |
Goodrich | Efficient packet marking for large-scale IP traceback | |
Belenky et al. | On deterministic packet marking | |
Mirkovic et al. | A taxonomy of DDoS attack and DDoS defense mechanisms | |
Mirkovic | D-WARD: source-end defense against distributed denial-of-service attacks | |
US8296842B2 (en) | Detecting public network attacks using signatures and fast content analysis | |
US7620733B1 (en) | DNS anti-spoofing using UDP | |
US20110047610A1 (en) | Modular Framework for Virtualization of Identity and Authentication Processing for Multi-Factor Authentication | |
Patil et al. | Unmasking of source identity, a step beyond in cyber forensic | |
Ponec et al. | New payload attribution methods for network forensic investigations | |
Santhanam et al. | Taxonomy of IP traceback | |
Hamadeh et al. | A taxonomy of internet traceback | |
JP4743901B2 (en) | Method, system and computer program for detecting unauthorized scanning on a network | |
Pilli et al. | Data reduction by identification and correlation of TCP/IP attack attributes for network forensics | |
Chen et al. | Detecting Internet worms at early stage | |
Hamadeh et al. | Performance of ip address fragmentation strategies for ddos traceback | |
Tzur-David et al. | Delay fast packets (dfp): Prevention of dns cache poisoning | |
Mopari et al. | Detection of DDoS attack and defense against IP spoofing | |
Xie et al. | An authentication based source address spoofing prevention method deployed in IPv6 edge network | |
Mishra | Polys: Network-based signature generation for zero-day polymorphic worms | |
Parashar et al. | Improved deterministic packet marking algorithm | |
Leu et al. | IFTS: Intrusion forecast and traceback based on union defense environment | |
Nagaonkar et al. | Detecting stealthy scans and scanning patterns using threshold random walk |