Abstract
Denial-of-Service (DoS) attacks with fake source IP addresses have become a major threat to the Internet. Intrusion detection systems are often used to detect DoS attacks. However, DoS attack packets attempt to exhaust resources, degrading network performance or, even worse, causing network breakdown. The proposed proactive approach is allocating the original attack host(s) issuing the attacks and stopping the malicious traffic, instead of wasting resources on the attack traffic.
Ant colony based traceback approach is presented in this study to identify the DoS attack original source IP address. Instead of creating a new function or processing a high volume of fine-grained data, the proposed IP address traceback approach uses flow level information to identify the origin of a DoS attack.
The proposed method is evaluated through simulation on various network environments. The simulation results show that the proposed method can successfully and efficiently find the DoS attack path in various simulated network environments.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Computer Security Institute, CSI/FBI Computer Crime and Security Survey (2003), http://www.crime-research.org/news/11.06.2004/423/
Savage, S., Wetherall, D., Karlin, A., Anderson, T.: Network Support for IP Traceback. IEEE/ACM Trans. Networking 9(3), 226–237 (2001)
Song, D., Perrig, A.: Advanced and Authenticated Marking Schemes for IP Traceback. In: Proc. IEEE INFOCOM, pp. 878–886. IEEE CS Press, Los Alamitos (2001)
Soneren, A.C., Partridge, C., Sanchez, L.A., Jones, C.E., Tachakountio, F., Schwartz, B., Kent, S.T., Strayer, W.T.: Single-packet IP Traceback, IEEE/ACM Trans. Networking, 10(6), 721–734 (2002)
Strayer, W.T., Jones, C.E., Tachakountio, F., Schwartz, B., Clements, R.C., Condell, M., Partridge, C.: ”Traceback of Single IP Packets Using SPIE,” Proc. DARPA information Survivability Conference and Exposition– vol. 2 April 22 -24, Washington, DC. pp. 266 (2003)
Upton, G.: Swarm Intelligence, http://www.cs.earlham.edu/~uptongl/project/Swarm_Intelligence.html
Dorigo, M., Maniezzo, V., Colorni, A.: ” The Ant System: An Autocatalytic Optimizing Process,” Technical Report No. 91-016 Revised, Politecnico di Milano, Italy (1991)
Gong, Y.: Detecting Worms and Abnormal Activities with NetFlow, http://www.securityfocus.com/infocus/1796
Scientific Linux, https://www.scientificlinux.org/
Flow-tools information, http://www.splintered.net/sw/flow-tools/
Stanford Stream data manager, http://www-db.stanford.edu/stream/
VMware, http://www.vmware.com/
zebra, http://www.zebra.org/
fprobe, http://fprobe.sourceforge.net/
hping, http://www.hping.org/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Chen, CM., Jeng, B.C., Yang, C.R., Lai, G.H. (2006). Tracing Denial of Service Origin: Ant Colony Approach. In: Rothlauf, F., et al. Applications of Evolutionary Computing. EvoWorkshops 2006. Lecture Notes in Computer Science, vol 3907. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11732242_26
Download citation
DOI: https://doi.org/10.1007/11732242_26
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-33237-4
Online ISBN: 978-3-540-33238-1
eBook Packages: Computer ScienceComputer Science (R0)