Traceback

The goal of traceback capabilities is to determine the path from a victimized network or system through any intermediate systems and communication pathways, back to the point of attack origination. In some cases, the computers launching an attack may themselves be compromised hosts being controlled remotely from a system one or more levels farther removed from the system under attack. Attribution is the process of determining the identity of the source of a cyber attack. Types of attribution can include both digital identity (computer, user account, IP address, or enabling software) and physical identity (John Doe was the hacker using the computer from which an attack originated). Attribution can also support a new model of authorization using accountability as a basis for deciding which operations or resources to trust.