Identifying DOS and DDOS Attack Origin: IP Traceback Methods Comparison and Evaluation for IoT

  • Conference paper
Interoperability, Safety and Security in IoT (SaSeIoT 2016, InterIoT 2016)

Abstract

Society faces increasingly prominent concerns about vulnerabilities, including hacking and DoS or DDoS attacks, when migrating to new paradigms such as the Internet of Things (IoT). These attacks against computer systems result in economic losses for businesses and public organizations, and in privacy disclosures. The IoT presents a new soft surface for attack. Vulnerability is now found in a multitude of personal and private devices that previously lacked connectivity. The ability to trace back to an attack origin is an important step in locating evidence that may be used to identify and prosecute those responsible. In this theoretical research, IP traceback methods are compared and evaluated for application, and then consolidated into a set of metrics for potential use against attackers.



Corresponding author

Correspondence to Brian Cusack.

Copyright information

© 2017 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Cusack, B., Tian, Z., Kyaw, A.K. (2017). Identifying DOS and DDOS Attack Origin: IP Traceback Methods Comparison and Evaluation for IoT. In: Mitton, N., Chaouchi, H., Noel, T., Watteyne, T., Gabillon, A., Capolsini, P. (eds) Interoperability, Safety and Security in IoT. SaSeIoT InterIoT 2016 2016. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 190. Springer, Cham. https://doi.org/10.1007/978-3-319-52727-7_14

  • DOI: https://doi.org/10.1007/978-3-319-52727-7_14

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-52726-0

  • Online ISBN: 978-3-319-52727-7

  • eBook Packages: Computer Science, Computer Science (R0)
