An IP Trace back System to Find the Real Source of Attacks
International Journal of Computer Trends and Technology (IJCTT)
© Sep to Oct Issue 2011 by IJCTT Journal
Volume-1 Issue-2
Year of Publication: 2011
Authors: A. Parvathi and G.L.N. JayaPradha
A. Parvathi and G.L.N. JayaPradha. "An IP Trace back System to Find the Real Source of Attacks". International Journal of Computer Trends and Technology (IJCTT), V2(2):301-308, Sep to Oct Issue 2011. ISSN 2231-2803. www.ijcttjournal.org. Published by Seventh Sense Research Group.
Abstract: Internet Protocol (IP) traceback is the enabling technology to control Internet crime. In this paper, we present a novel and practical IP traceback system called Flexible Deterministic Packet Marking (FDPM), which provides a defense system with the ability to find the real sources of attacking packets that traverse the network. While a number of other traceback schemes exist, FDPM provides innovative features to trace the source of IP packets and can obtain better tracing capability than others. In particular, FDPM adopts a flexible mark length strategy to make it compatible with different network environments; it also adaptively changes its marking rate according to the load of the participating router by means of a flexible flow-based marking scheme. Evaluations on both simulation and real system implementation demonstrate that FDPM requires a moderately small number of packets to complete the traceback process, adds little additional load to routers, and can trace a large number of sources in one traceback process with low false positive rates. The built-in overload prevention mechanism makes this system capable of achieving a satisfactory traceback result even when the router is heavily loaded. The motivation for this traceback system comes from DDoS defense. It has been used not only to trace DDoS attacking packets but also to enhance the filtering of attacking traffic. It has a wide array of applications for other security systems.
Keywords: DDoS attacks, IP trace back, performance evaluation, routers, security.