Abstract
Society faces increasingly prominent concerns about vulnerabilities, including hacking and DoS or DDoS attacks, when migrating to new paradigms such as the Internet of Things (IoT). These attacks against computer systems result in economic losses for businesses and public organizations, and in privacy disclosures. The IoT presents a new soft attack surface: vulnerabilities are now found in a multitude of personal and private devices that previously lacked connectivity. The ability to trace back to an attack origin is an important step in locating evidence that may be used to identify and prosecute those responsible. In this theoretical research, IP traceback methods are compared and evaluated for application, and then consolidated into a set of metrics for potential use against attackers.
© 2017 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Cusack, B., Tian, Z., Kyaw, A.K. (2017). Identifying DOS and DDOS Attack Origin: IP Traceback Methods Comparison and Evaluation for IoT. In: Mitton, N., Chaouchi, H., Noel, T., Watteyne, T., Gabillon, A., Capolsini, P. (eds) Interoperability, Safety and Security in IoT. SaSeIoT InterIoT 2016 2016. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 190. Springer, Cham. https://doi.org/10.1007/978-3-319-52727-7_14
DOI: https://doi.org/10.1007/978-3-319-52727-7_14
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-52726-0
Online ISBN: 978-3-319-52727-7
eBook Packages: Computer Science, Computer Science (R0)