Advertisement

A Novel Algorithm on IP Traceback to Find the Real Source of Spoofed IP Packets

  • M. Vijayalakshmi
  • N. Nithya
  • S. Mercy Shalinie
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 325)

Abstract

With the availability of Internet at the doorsteps in recent years, there has been a wide range of invasions from strangers such as distributed denial of service (DDoS) attacks. DDoS can be launched from any location, draining resources of the victim machine or network. The original IP address of the attacker is more often spoofed; hence, an IP traceback scheme is needed to trace the source of a packet. In this paper, we propose a novel marking algorithm which provides a single packet traceback directly at the victim’s location. The marking algorithm is simple to use with negligible computation and no storage overhead, compared to existing system. Further, the traceback is in convenience to the victim as the entire network traversal or out of band message to identify the attack source is not needed.

Keywords

Network security DDoS attacks IP traceback Packet marking 

References

  1. 1.
    Arbor, IP Flow-Based Technology (2011), http://www.arbornetworks.com
  2. 2.
    H. Beitollahi, G. Deconinck, Analyzing well-known countermeasures against distributed denial of service attacks. Comput. Comm. 35, 1312–1332 (2012)Google Scholar
  3. 3.
    S. Savage, D. Wetherall, A.R. Karlin, T.E. Anderson, Network support for IP traceback. IEEE/ACM Trans. Networking 9(3), 226–237 (2001)CrossRefGoogle Scholar
  4. 4.
    R. Stone, Centertrack: an IP overlay network for tracking DoS floods, in Proceedings of the 9th conference on USENIX Security Symposium, Berkeley, USA (2000), pp. 199–212Google Scholar
  5. 5.
    H. Burch, B. Cheswick, Tracing anonymous packets to their approximate source, in Proceedings of the 14th USENIX conference on System administration (2000), pp. 319–328Google Scholar
  6. 6.
    S. Savage, D. Wetherall, A.R. Karlin, T. Anderson, Practical network support for IP traceback, in Proceedings of ACM SIGCOMM (2000), pp. 295–306Google Scholar
  7. 7.
    D. Song, A. Perrig, Advanced and authenticated marking schemes for IP traceback, in Proceedings of IEEE INFOCOM (2001), pp. 878–886Google Scholar
  8. 8.
    T.K.T. Law, D.K.Y. Yau, J.C.S. Lui, You can run, but you can’t hide: an effective statistical methodology to trace back DDoS attackers. IEEE Trans. Parallel Distrib. Syst. 16(9), 799–813 (2005)CrossRefGoogle Scholar
  9. 9.
    A. Yaar, A. Perrig, D. Song, FIT: fast internet traceback, in Proceedings IEEE INFOCOM (2005), pp. 1395–1406Google Scholar
  10. 10.
    M.T. Goodrich, Probablistic packet marking for large scale IP traceback. IEEE/ACM Trans. Networking 16(1), 15–24 (2008)CrossRefGoogle Scholar
  11. 11.
    A. Belenky, N. Ansari, IP traceback with deterministic packet marking. IEEE Comm. Lett. 7(4), 162–164 (2003)CrossRefGoogle Scholar
  12. 12.
    A. Belenky, N. Ansari, Tracing multiple attackers with deterministic packet marking (DPM), in Proceedings of IEEE PACRIM’03, Victoria, BC, Canada (2003), pp. 49–52Google Scholar
  13. 13.
    A. Belenky, N. Ansari, On deterministic packet marking. Comput. Netw. 51(10), 2677–2700 (2007)CrossRefzbMATHGoogle Scholar
  14. 14.
    G. Jin, J. Yang, Deterministic packet marking based on redundant decomposition for IP traceback. IEEE Comm. Lett. 10(3), 204–206 (2006)CrossRefGoogle Scholar
  15. 15.
    Y. Xiang, W. Zhou, J. Rough, Trace IP packets by flexible deterministic packet marking (FDPM), in Proceedings of IEEE International Workshop IP Operations and Management (IPOM ’04) (2004), pp. 246–252Google Scholar
  16. 16.
    Y. Xiang, W. Zhou, M. Guo, Flexible deterministic packet marking: an IP traceback system to find the real source of attacks. IEEE Trans. Parallel Distrib. Syst. 20(4), 567–580 (2009)Google Scholar
  17. 17.
    S.M. Bellovin, M.D. Leech, T. Taylor, ICMP traceback messages, Internet Draft: Draft-Ietf-Itrace-04.Txt (2003)Google Scholar
  18. 18.
    H.C.J. Lee, V.L.L. Thing, Y. Xu, M. Ma, ICMP traceback with cumulative path, an efficient solution for IP traceback, in International Conference on Information and Communications Security. Springer Lecture Notes in Computer Science, vol. 2836 (2003), pp. 124–135Google Scholar
  19. 19.
    V.L.L. Thing, H.C.J. Lee, M. Sloman, J. Zhou, Enhanced ICMP traceback with Cumulative Path, in 61st IEEE Vehicular Technology Conference (2005)Google Scholar
  20. 20.
    W. Felix, On design and evaluation of intention-driven ICMP traceback, in Proceedings of IEEE International Conference on Computer Communications and Networks (IEEE CS Press, 2001), pp. 159–165Google Scholar
  21. 21.
    A. Izaddoost, M. Othman, M.F.A. Rasid, Accurate ICMP traceback model under DoS/DDoS attack, in Proceedings of the 15th International Conference on Advanced Computing and Communications (2007)Google Scholar
  22. 22.
    A.C. Snoeren et al., Single-packet IP traceback. IEEE/ACM Trans. Networking 10(6), 721–734 (2002)CrossRefGoogle Scholar
  23. 23.
    T. Baba, S. Matsuda, Tracing network attacks to their sources. IEEE Internet Comput. 6(3), 20–26 (2002)Google Scholar
  24. 24.
    J. Li et al., Large-scale IP traceback in high-speed internet: practical techniques and theoretical foundation, in Proceedings of IEEE Symposium Security and Privacy (S&P ’04) (2004), pp. 115–129Google Scholar
  25. 25.
    M.S. Siddiqui, S.O. Amin, C.S. Hong, Hop by hop traceback in wireless sensor networks. IEEE Comm. Lett. 16(2), 242–245 (2012)Google Scholar
  26. 26.
    B. Al-Duwariand, M. Govindarasu, Novel hybrid schemes employing packet marking and logging for IP traceback. IEEE Trans. Parallel Distrib. Syst. 17(5), 403–418 (2006)CrossRefGoogle Scholar
  27. 27.
    C. Gong, K. Sarac, A more practical approach for single-packet IP traceback using packet logging and marking. IEEE Trans. Parallel Distrib. Syst. 19(10), 1310–1324 (2008)CrossRefGoogle Scholar
  28. 28.
    K.H. Choi, H.K. Dai, A marking scheme using Huffman codes for IP traceback, in Proceedings of 7th Int. Symposium Parallel Architectures, Algorithms Networks (SPAN’04), Hong Kong, China (2004), pp. 421–428Google Scholar
  29. 29.
    S. Malliga, A. Tamilarasi, A hybrid scheme using packet marking and logging for IP traceback. Int. J. Internet Protocol Technol. 5(1/2), 81–91 (2010)CrossRefGoogle Scholar
  30. 30.
    M.H. Yang, M.C. Yang, RIHT: a novel hybrid IP traceback scheme. IEEE Trans. Inf. Forensics Secur. 7(2), 789–797 (2012)Google Scholar
  31. 31.
    H. Aljifri, M. Smets, A. Pons, IP Traceback using header compression. Comput. Secur. 22(2), 136–151 (2003)Google Scholar
  32. 32.
    Reuters ltd, Cisco gaining share in routers, switches. (The mercury news, London, 2002)Google Scholar
  33. 33.
    CAIDA’s Skitter Project CAIDA, 2010 [Online]. http://www.caida.org/tools/skitter/

Copyright information

© Springer India 2015

Authors and Affiliations

  • M. Vijayalakshmi
    • 1
  • N. Nithya
    • 1
  • S. Mercy Shalinie
    • 1
  1. 1.Department of Computer Science and EngineeringThiagarajar College of EngineeringMaduraiIndia

Personalised recommendations