摘要
在网络空间中,网络攻击源追踪是指当检测到网络攻击事件发生后,能够追踪定位真正的攻击者的主机,以帮助司法人员对攻击者采取法律手段。近二十年,研究人员对网络攻击源追踪技术进行了大量研究。本文对这些研究进行了综述。首先,明确了问题的定义,不同的攻击场景所采用的追踪技术也有所不同,将问题分为5类:虚假IP追踪、Botnet追踪、匿名网络追踪、跳板追踪、局域网追踪,分别总结了相关的研究成果,明确各种方法所适用的场景。最后,将各类方法归纳为4种类型,对比了这4类方法的优缺点,并讨论了未来的研究方向。
In cyberspace, the network attack sources traceback is to trace and locate the real hosts owned by attackers after network attack events are detected, so that judicial personals can take some legal action to arrest or prosecute these network attackers. In recently twenty years, there are lots of researches on the issue, which is investigated by the paper.Firstly, the definition of the issue is argued. Since different traceback technologies should be applied on different attack scenarios, the issue can be divided into 5 sub-problems: Spoofing IP Traceback, Botnet Traceback, Anonymous Network Traceback, Step Stone Traceback, and Local Network Traceback. In the 5 sub-problems, all kinds of methods are surveyed and their primitive conditions are discussed. Finally, these methods are sumed up 4 types, whose strengths and weaknesses are compared. Then the future research work is proposed.
作者
姜建国
王继志
孔斌
胡波
刘吉强
JIANG Jianguo;WANG Jizhi;KONG Bin;HU Bo;LIU Jiqiang(Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;School of Cyber Security, University of Chinese Academy of Sciences Beijing 100093, China;Shandong Computer Science Center (National Supercomputer Center in Jinan), Jinan 250101, China;Beijing Jiaotong University, Beijing 100093, China)
出处
《信息安全学报》
CSCD
2018年第1期111-131,共21页
Journal of Cyber Security
基金
山东省重大科技创新工程(编号:2017CXGC0704)资助
关键词
网络安全
IP追踪
跳板检测
僵尸网络
匿名网络
Network security, IP traceback, step-stone detection, Botnet, anonymous network