Techniques for Cyber Attack Attribution

Abstract

This paper summarizes various techniques to perform attribution of computer attackers who are exploiting data networks. Attribution can be defined as determining the identity or location of an attacker or an attacker's intermediary. In the public literature "traceback" or "source tracking" are often used as terms instead of "attribution." This paper is intended for use by the U.S. Department of Defense (DoD) as it considers if it should improve its attribution capability, and if so, how to do so. However, since the focus of this paper is on technology, it may also be of use to many others such as law enforcement personnel. This is a technical report, and assumes that the reader understands the basics of network technology, especially the Transmission Control Protocol/Internet Protocol (TCP/IP) suite of protocols.

Document Details

Document Type
Technical Report
Publication Date
Oct 01, 2003
Accession Number
ADA468859

Entities

People

  • David A. Wheeler
  • Gregory N. Larsen

Organizations

  • Institute for Defense Analyses

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Application Protocols
  • Computer Communications
  • Computer Networks
  • Computers
  • Cybersecurity
  • Denial Of Service Attack
  • Detectors
  • Electronic Mail
  • Electronic Messaging
  • Intrusion Detection
  • Intrusion Detectors
  • Network Architecture
  • Network Protocols
  • Network Science
  • Network Topology
  • Operating Systems
  • Transport Protocols

Fields of Study

  • Computer science

Readers

  • Computer Networking
  • Cybersecurity
  • Theoretical Analysis

Technology Areas

  • Cyber
  • Cyber - Legality in Cyberspace