Keywords: IP Traceback, logging-based approach, data mining
IP traceback is a way to search for the sources of damage to a network or host computer. IP traceback methods are either reactive or proactive, and the proactive methods induce a serious storage overhead. A system was designed that solves these problems through cluster-based mass storage, digested packets and hierarchical collection. By using logging methods, it not only performs traceback but also communicates with the analysis data of other security systems. It uses data mining to perform traceback effectively when a vast number of traceback operations must be carried out over massive data. In addition, the results can be used as basic data to generate new rules for intrusion detection systems.