A Proposal of Extension of FMS-Based Mechanism to Find Attack Paths

  • Byung-Ryong Kim
  • Ki-Chang Kim
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3982)


With the increase in internet service providers (companies) serving the rapidly growing number of internet users in recent years, the number of malicious attackers has been growing too. Such attacks can significantly impair a company's image through damage such as unreliable service quality and unstable service, which can lead to fatal flaws. Among malicious attacks, DoS (Denial-of-Service) is the most damaging and most frequently reported form of internet attack. Because DoS attacks employ IP spoofing to disguise the IP address and hide the attacker's location, the attacker's correct address cannot be traced from the source IP address of packets received by the damaged systems alone. Effective measures against DoS attacks have not yet been developed, and even when a defence against such an attack is mounted, in practice the victim can be attacked repeatedly by the same attackers. From this point of view, in order to provide an effective countermeasure, this study proposes a mechanism that finds the attack source by tracing the attack path using marking algorithms and then finding the MAC address of the attack source. In addition, this study proposes a technique to improve the packet arrival rate in the marking algorithm and presents a more effective measure with better performance for finding attackers by enabling more prompt tracing of the attack location.







Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Byung-Ryong Kim (1)
  • Ki-Chang Kim (2)
  1. School of Computer Science and Engineering, Inha Univ., Incheon, Korea
  2. School of Information and Communication Engineering, Inha Univ., Incheon, Korea
