IP traceback with sparsely-tagged fragment marking scheme under massively multiple attack paths
  • Authors: Kichang Kim (1)
    Jeankyung Kim (2)
    Jinsoo Hwang (2)
  • Keywords: PPM; Sparsely-tagged; IP Trace; Multiple attack; S-TFMS
  • Journal: Cluster Computing
  • Publication year: 2013
  • Publication date: June 2013
  • Volume: 16
  • Issue: 2
  • Pages: 229-239
  • Full-text size: 480KB
  • Author affiliations:
    1. School of Information and Communication Engineering, Inha University, Incheon, Korea
    2. Department of Statistics, Inha University, Incheon, Korea
  • ISSN:1573-7543
Abstract
IP traceback is known to be one of the most effective measures to deter Internet attacks. Various techniques for IP traceback have been suggested. Among them, we focus on the Probabilistic Packet Marking (PPM) scheme with tagging. We believe PPM is more advantageous than others because it does not generate additional network traffic and requires minimal protocol change. However, three parameters need to be optimized to make PPM practical under massively multiple attack paths: the number of packets to collect, the number of fragment combinations to recover the IP addresses, and the false positive error rate. Tagging is an effective way to reduce the number of combinations, but it increases the false positive error rate when the number of routers in the attack paths grows. Other PPM-related techniques suggested in the past have similar problems. They improve one or two parameters at the expense of others, or they require additional data structures such as an upstream router map. In this paper, we propose a method that optimizes the three parameters at the same time and recovers original IPs quickly and correctly even in the presence of massive multiple attack paths. Our method does not need either a combinatorial process to recover IPs or additional information such as an upstream router map. Our result shows that our method recovers 95% of the original IPs correctly with no fragment combinations and with zero false positives. It needs to collect only 8N packets per router, where N is the number of routers involved in the attack paths.
