SPIE Demonstration: Single Packet Traceback
DARPA INFORMATION SURVIVABILITY CONFERENCE AND EXPOSITION, VOL II, PROCEEDINGS (2003)
Abstract
SPIE, the Source Path Isolation Engine, is a DARPA-funded system for tracing single IP packets back through a network of instrumented routers or tap boxes that are associated with the routers. Historically, tracing individual packets by keeping packet logs at each router has required prohibitive amounts of memory; one of SPIE's key innovations is to reduce the memory requirement (down to 0.5% of link capacity) by storing only packet digests, that is, hashes of the packets rather than the packets themselves. SPIE-enhanced routers maintain a cache of packet digests for recently forwarded traffic. If a packet is determined to be offensive by an intrusion detection system (or judged interesting by some other metric), a query is dispatched to the SPIE system that, in turn, queries routers for packet digests of the relevant time periods. The results of this query are used in a simulated reverse-path flooding algorithm to build a highly reliable and accurate attack graph that identifies the packet's source or sources.
Keywords
tcpip,intrusion detection system,dissolved gas analysis,data structures,engines,history,cache,hashes,intrusion detection