CQUniversity Researcher on Trail of Internet Attackers
Published on 29 October, 2009
CQUniversity's Dr. Yang Xiang is the recipient of an Australian Research Council grant for his collaborative work on "Tracing real internet attackers through information correlation."
Dr. Xiang has been working on this problem for around 5 years, trying to identify what he describes as "the real attackers". He explained that, it's a relatively simple task to identify what might seem to be the origin of an attack, however what is not often understood is that it is only the nearest machine that is successfully identified.
Dr. Xiang said, "Attackers are using thousands of machines which, in this current project we refer to as stepping stones. The stepping stone is used to relate the information from the attacker to the victim. "... 
Dr. Yang Xiang
It's better analysis of how to backtrack along those stepping stones that Dr. Xiang believes will ultimately lead to identification of the originating or source machines. He said, "We are using a technology called information correlation which is to assemble all the intelligence together and try to find the clue that will lead back to the origin of the malicious information."
At present, because of the current internet protocols, the IP (Internet Protocol) address is not reliable, "... we can't trust the IP address so, we have to use other techniques."
Dr. Xiang explained that computers are traceable via signatures other than just the IP address. Whenever a message is sent from a machine it is time-stamped, and that may be one ‘signature' which may offer a clue to the originating machine. "Normally the attacker will start the attack and the victim will receive the attack maybe within one to three hours, and it's those features we are using to try to correlate the information."
From 2000, "denial of service" attacks, massive hits on computer servers globally, to swamp and overwhelm networks, commenced. Dr Xiang said that each year those attacks have doubled, so "... it is a very serious problem."
The good news, from our point of view, is that Dr Xiang and his colleagues have had some substantial results, and have published in a number of peer publications and journals, however, the fight goes on.