A Survey of Forensics-Oriented Network Attacker Traceback Analysis Techniques
A Survey of Forensic Network Attack Source Traceback
The concealment and anonymity of network attackers make network attack traceback a challenging problem. This survey reviews the current state of research on network attack traceback analysis techniques from three aspects: traffic, scenarios, and samples. First, for traffic traceback, it summarizes methods and applications based on logging, packet marking, ICMP traceback, and link testing. Second, by scenario, it categorizes traceback techniques for anonymous-network attacks, botnet attacks, stepping-stone (springboard) attacks, local-area-network attacks, and advanced persistent threat attacks, together with their applications and limitations in real environments. Finally, for sample analysis, it discusses the research progress and application scenarios of static and dynamic traceback analysis in malicious code analysis and attack traceback.
The concealment and anonymity of cyber attackers pose significant challenges to the field of network attack traceback. This study provides a comprehensive overview of the current state of research on network attack traceback analysis techniques, focusing on three aspects: traffic, scenarios, and samples. Firstly, with respect to traffic traceback, the paper outlines methods and applications based on log records, packet marking, ICMP tracing, and link testing. Secondly, it categorizes traceback techniques for different scenarios, encompassing anonymous networks, zombie networks, springboards, local area networks, and advanced persistent threat attacks, as well as their applications and limitations in real-world environments. Finally, concerning sample analysis, the paper discusses the progress and application scenarios of static and dynamic traceback analysis in the context of malicious code analysis and attack tracing.
王子晨;汤艳君;潘奕扬
School of Public Security Information Technology and Intelligence, Criminal Investigation Police University of China, Shenyang 110031
Computers and Automation
Keywords: cybersecurity; attribution (traceback); network deception; malicious sample traceability; anonymous network traceability
Journal of Information Security Research (《信息安全研究》), 2024, Issue 4
Pages 302-310 (9 pages)
Funding: Liaoning Cyber Security Law Enforcement Collaborative Innovation Center Project (WXZX201912002); Criminal Investigation Police University of China Graduate Innovation Capability Enhancement Key Project (2023YCZD06)