Network Attack Attribution Research Group
Updated: September 13, 2005
Formed in July 2005, the SANS Network Attack Attribution Research Group is attempting to add breakthrough capabilities to the taxonomy of automated traceback techniques. We are a team drawn from across industry and academia, with a charter to discuss current attack attribution techniques in the literature and to identify capabilities lacking in industry solutions. We conduct fundamental research and development, and publish our findings on new attack traceback methods. One of the group's primary directives is to propose, analyze, and promote promising techniques for advancement into an experimentation phase on the DETER testbed. The Attack Attribution Group intends to publish one or more technical reports and presentations when our research and experimentation are complete, and to foster public understanding of the state of the art in traceback techniques.
We would like to acknowledge the important role that the DETER testbed is playing in this project. Our team members need a common experimentation environment that can closely simulate public Internet infrastructure, and the DETERlab nicely meets this complex requirement. DETERlab is a network emulation and experimentation environment funded by the Department of Homeland Security and the National Science Foundation. We would like to thank the DETER team for the unique services they provide.
Our thanks also go to Stephen Northcutt and The SANS Institute for providing us with the support and resources required to establish this project.
The projected time frame for initial findings is 6 months. Periodic updates and news of interest will be posted to this site.
Links of interest
- A very comprehensive outline of IP traceback can be found in Wikipedia, the Free Encyclopedia: http://en.wikipedia.org/wiki/IP_Traceback
- SANS Attack Attribution info on DETERlabs: http://www.isi.deterlab.net/projectlist.php3
Current Members
This research group is currently comprised of ten members, and we run a mailing list that serves as our central communication hub. If you feel that you could add your own unique insight to the problem of attack attribution and would like to play a role in this research, you are invited to email the Attack Attribution Research Group's coordinating figures with a letter of interest at traceback@sans.org.
- Stephen Northcutt
  - Director of Training and Certification, The SANS Institute
- Johannes Ullrich
  - Chief Research Officer, The SANS Institute
- Erik Kamerling
  - Principal Coordinator, SANS Attack Attribution Research Group
- Anton Chuvakin, Ph.D.
  - Security Strategist, netForensics
- Sid Faber
  - Security Analyst, Federated Investors
- Nick Murphy
  - Director of Information Technology, EthicsPoint
- Kathleen Moriarty
  - Head of IT Security, MIT Lincoln Laboratory
- Scott Shinberg
  - Security Program Manager, Incident Responder
- Steven J. Friedl
  - Security Consultant, unixwiz.net
- Jason Thomas
  - Deputy Program Manager, National Cyber-Forensics and Training Alliance
- Matt Ziemniak
  - Information Analyst, National Cyber-Forensics and Training Alliance