Effective techniques for detecting and attributing cyber criminals

Abstract

<p>With the phenomenal growth of the Internet, more and more people enjoy and depend on the convenience of its provided services. Unfortunately, the number of network-based attacks is also increasing very quickly. More and more fraud activities appear in online advertising networks and online auction systems. Network attackers can easily hide their identities through IP spoofing, stepping stones, network address translators, Mobile IP or other ways, and thereby reduce the chance of being captured. The current IP network infrastructure lacks measures and cannot effectively deter and identify motivated and well-equipped attackers. Therefore, innovative traceback schemes are required to attribute the real attackers. By the way, network traffic always comes with high rate in distributed format without obvious beginning and ending. These properties make network traffic much different compared with traditional data sets, and data stream model is more feasible to analyze network traffic and detect anomaly and attacks.</p> <p>In this dissertation, we design effective techniques for detecting and attributing cyber criminals. We consider two kinds of fundamental techniques: forensics-sound attack monitoring and traceback, and forensics-sound online fraud detection. The contributions of our research are as follows: We propose several innovative algorithms which answer some open problems in fundamental statistics estimation over sliding windows. Those algorithms can be used to detect anomaly and attacks in networks. We also propose efficient and effective algorithms which can trace back stepping stone attacks and single packet attacks. Streaming algorithms are presented to detect click fraud in pay-per-click streams of online advertising networks.</p>