Abstract

		    Tracing Based Active Intrusion Response

		 Journal of Information Warfare, Vol. 1, No. 1

		  Xinyuan Wang, Douglas S. Reeves, S. Felix Wu

Network-based intrusion has become a serious threat to today’s highly networked information 
systems, existing intrusion defense approaches such as intrusion prevention, detection, 
tolerance and response are "passive" in response to network-based intrusions in that 
their countermeasures are limited to being local to the intrusion target and there is 
no automated, network-wide counteraction against detected intrusions. While they all 
play an important role in counteracting network-based intrusion, they do not, however, 
effectively address the root cause of the problem -- intruders.

What is missing from existing intrusion prevention, detection, tolerance and response 
is an effective way to identify network-based intruders and hold them accountable for 
their intrusions. Network-based intrusion can not be effectively repelled or eliminated 
until its source is known.

In this paper, we propose Tracing Based Active Intrusion Response (TBAIR) as a new way 
to address the problem of network-based intrusion. Based on Sleepy Watermark Tracing (SWT), 
TBAIR is able to effectively trace the detected intrusion that utilizes stepping stone 
to disguise its origin at real-time, and dynamically push the intrusion countermeasures 
such as remote monitoring, blocking, containment and isolation close to the source of 
the intrusion. Through SWT’s unique active watermark technique, TBAIR is able to trace 
even when the intrusion connection is idle. Therefore it helps to apprehend the 
intruders on the spot and hold them accountable for their intrusions.

Keywords: Network-based Intrusion, Active Intrusion Tracing, Active Intrusion Response.