Session Based Logging (SBL) for IP-Traceback on Network Forensics

The widely acknowledged problem of reliably identifying the origin of information in cyberspace has been the subject of much research. Due to the nature of the Internet protocol, the source IP can be easily falsified which results in numerous problems including infamous denial of service attacks. The combination of smart devices with powerful processing capabilities once observed only in mainframe computers decades ago and the presence of the Internet which allows communications between all those devices exacerbate the problem. In this paper, we propose a novel technique called Session Based Logging (SBL) for simple and effective IP-Traceback and logging mechanism. SBL is easy to implement and also has significant advantage of saving storage space over previously proposed schemes. Moreover the SBL approach has clear edge under sensitive privacy regulations since it does not need to capture detailed contents of each individual communication session. Experimental results show its potential and ease of execution from free of any agent software installation on the logging machine. The proposed SBL scheme on this paper currently supports only TCP sessions but we believe this approach could be further extended to UDP connections which have many inherent network security problems.