Holding intruders accountable on the Internet

Authors: S. Staniford-Chen, L.T. Heberlein

DOI: 10.1109/SECPRI.1995.398921

Abstract: This paper addresses the problem of tracing intruders who obscure their identity by logging through a chain of multiple machines. After discussing previous approaches to this problem, we introduce thumbprints which are short summaries of the content of a connection. These can be compared to determine whether two connections contain the same text and are therefore likely to be part of the same connection chain. We enumerate the properties a thumbprint needs to have to work in practice, and then define a class of local thumbprints which have the desired properties. A methodology from multivariate statistics called principal component analysis is used to infer the best choice of thumbprinting parameters from data. Currently our thumbprints require 24 bytes per minute per connection. We develop an algorithm to compare these thumbprints which allows for the possibility that data may leak from one time-interval to the next. We present experimental data showing that our scheme works on a local area network.
