Title: Visibility: a novel concept for characterising provable network digital evidences
Authors: Slim Rekhis, Noureddine A. Boudriga
Addresses: Communication Networks and Security Research Lab., University of the 7th of November at Carthage, Ariana 2088, Tunisia. ' Communication Networks and Security Research Lab., University of the 7th of November at Carthage, Ariana 2088, Tunisia
Abstract: Providing a formal method of digital investigation happened to be of utmost importance, as it allows to: demonstrate the absence of design weaknesses in the used technique; analyse the security incident with an accurate manner; provide non refutable proofs regarding the obtained results. We provide in this work a new formal concept, entitled Visibility, and we develop its relation with network digital investigation, particularly the investigation of source address spoofing attacks. To demonstrate the effectiveness of our visibility-based theory, we use it in conjunction with an efficient traceback technique to prove IP spoofing attacks occurrence and identify their source.
Keywords: visibility; formal proof; digital investigation; source address spoofing; packet tracing; networks; security; spoofing attacks; traceback.
International Journal of Security and Networks, 2009 Vol.4 No.4, pp.234 - 245
Published online: 22 Sep 2009 *
Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article