The problem isn't attribution: It's multi-stage attacks

As a result of increasing spam, DDoS attacks, cybercrime, and data exfiltration from corporate and government sites, there have been multiple calls for an Internet architecture that enables better network attribution at the packet layer. The intent is for a mechanism that links a packet to some pack...


Bibliographic Details
Main Authors: Clark, David D., Landau, Susan
Format: Article
Language: en_US
Published: © Association for Computing Machinery, New York, NY, USA 2022
Online Access: https://doi.org/10.1145/1921233.1921247
https://hdl.handle.net/1721.1/141711
author Clark, David D.
Landau, Susan
collection MIT
description As a result of increasing spam, DDoS attacks, cybercrime, and data exfiltration from corporate and government sites, there have been multiple calls for an Internet architecture that enables better network attribution at the packet layer. The intent is for a mechanism that links a packet to some packet level personally identifiable information (PLPII). But cyberattacks and cyberexploitations are more different than they are the same. One result of these distinctions is that packet-level attribution is neither as useful nor as necessary as it would appear. In this paper we discuss why network-level personal attribution is of limited forensic value. We analyze the different types of Internet-based attacks, and observe the role that currently available alternatives to attribution already play in deterrence and prosecution. We focus on the particular character of multi-stage network attacks, in which machine A penetrates and “takes over” machine B, which then does the same to machine C, etc. We consider how these types of attacks might be traced, and observe that any technical contribution can only be contemplated in the larger regulatory context of various legal jurisdictions. Finally we examine the costs of PLPII mechanisms.
first_indexed 2024-09-23T16:39:04Z
format Article
id mit-1721.1/141711
institution Massachusetts Institute of Technology
language en_US
last_indexed 2024-09-23T16:39:04Z
publishDate 2022
publisher © Association for Computing Machinery, New York, NY, USA
record_format dspace
spelling mit-1721.1/141711 2022-04-07T03:02:38Z
This material is based on work supported by the U.S. Office of Naval Research, Grant No. N00014-09-1-0597. Any opinions, findings, conclusions or recommendations therein are those of the author(s) and do not necessarily reflect the views of the Office of Naval Research.
2022-04-06T16:01:05Z 2022-04-06T16:01:05Z 2010-11-30
Article
https://doi.org/10.1145/1921233.1921247 https://hdl.handle.net/1721.1/141711
Clark, D. D., & Landau, S. (2010). The problem isn't attribution: It's multi-stage attacks. Proceedings of the Re-Architecting the Internet Workshop (ReARCH '10), Article 11, 1–6.
en_US Attribution-NonCommercial-NoDerivs 3.0 United States http://creativecommons.org/licenses/by-nc-nd/3.0/us/ application/pdf © Association for Computing Machinery, New York, NY, USA
title The problem isn't attribution: It's multi-stage attacks