“…Similar approach was taken by CITRA [21]. This framework integrates network-based intrusion detection, security management systems and network infrastructure (firewalls, routers) to detect the intrusion, trace it back to the source and coordinate local response actions based on the attack report.…”
Section: Static Mapping Vs Dynamic Mapping (mentioning)
confidence: 99%
“…The Cooperative Intrusion Traceback and Response Architecture (CITRA) presented in [21] provides an example of cooperative agent-based system. This architecture utilizes neighborhood structure where the information about detected intrusion is propagated back through the neighborhood to the source of the attack and submitted to the centralized authority.…”
Section: Autonomous Vs Cooperative (mentioning)
confidence: 99%
“…Several recent tracing mechanisms take one step further offering a combination of static and dynamic mapping techniques [27,21]. TBAIR [27] framework suggests to trace the intrusion back to the source host and dynamically select the suitable response such as remote blocking of the intruder, isolation of the contaminated hosts, etc.…”
Section: Static Mapping Vs Dynamic Mapping (mentioning)
Recent advances in intrusion detection field brought new requirements to intrusion prevention and response. Traditionally, the response to an attack was manually triggered by an administrator. However, increased complexity and speed of the attack-spread during recent years showed acute necessity for complex dynamic response mechanisms. Although intrusion detection systems are being actively developed, research efforts in intrusion response are still isolated. In this work we present taxonomy of intrusion response systems, together with a review of current trends in intrusion response research. We also provide a set of essential features as a requirement for an ideal intrusion response system.
Disciplines: Information Security
“…Therefore, if an active router detects an attack attempt it will send an active packet to the other edge active router to block the attacking packets. Unlike some other approaches [10,11,12,13,14], this architecture allows the network to work without relying on a central management server.…”
“…[12] and [13] provide ways to record network traffic information through a serial of routers. We can set filters on key routers, which will then collect interesting information for us.…”
Abstract: People are benefiting tremendously from pervasively deployed WiFi networks. However, criminals may exploit the anonymity of WiFi communication and wireless routers to access illegal content such as child porn videos. It's becoming an urgent topic as regards to how to preserve and acquire network forensic data from household and small business wireless routers in order to track down criminals. In this paper, we first survey the forensic capacity of nearly all household wireless routers which are available on market. We present our analysis for people who are willing to choose a wireless router to monitor their network. Secondly, we develop a generic network forensic data logging mechanism to monitor traffic into and out of wireless routers which support OpenWrt. Our code running in the wireless routers could log network traffic and send connection information to the administrator via email.