IFIP International Conference on Network and Parallel Computing

NPC 2012: Network and Parallel Computing, pp 101–109

MIB-ITrace-CP: An Improvement of ICMP-Based Traceback Efficiency in Network Forensic Analysis


Bo-Chao Cheng, Guo-Tan Liao, Ching-Kai Lin, Shih-Chun Hsu, Ping-Hai Hsu & Jong Hyuk Park

Part of the Lecture Notes in Computer Science book series (LNTCS, volume 7513)

Abstract

A denial-of-service (DoS) / distributed-denial-of-service (DDoS) attack may result in rapid resource depletion along the attack path. For stepping-stone and masquerading techniques typically used in DoS/DDoS attacks, such as Internet Protocol (IP) or Media Access Control (MAC) address spoofing, tracing the intrusion back to the true attacker becomes a challenging task for network security engineers. Although the Internet Engineering Task Force (IETF) has proposed an Internet Control Message Protocol (ICMP) based Traceback solution, it faces severe difficulties in practice in regard to justifying the interoperability of deployed routers as well as the correctness of Traceback with multiple attack paths. This research proposes a novel approach, named MIB-ITrace-CP, that embeds the essence of a management information base (MIB) into iTrace messages in order to improve the accuracy and efficiency of the original ICMP-based Traceback. Through our implementations on a Testbed@TWISC platform, we validated our approach and demonstrated the feasibility of practical network forensics.

Keywords

  • DoS
  • Spoofing
  • Forensics
  • Traceback
  • ITrace-CP


Author information

Authors and Affiliations

  1. Dept. of Communications Engineering, National Chung Cheng University, Taiwan

    Bo-Chao Cheng, Guo-Tan Liao, Ching-Kai Lin & Shih-Chun Hsu

  2. Information and Communications Research, ITRI, Taiwan

    Ping-Hai Hsu

  3. Dept. of Computer Science and Engineering, SeoulTech, Korea

    Jong Hyuk Park


Editor information

Editors and Affiliations

  1. Department of Computer Science and Engineering, SeoulTech, 172 Gongreung 2-dong, Nowon-gu, 139-743, Seoul, Korea

    James J. Park

  2. School of Information Technologies, The University of Sydney, Building J12, 2006, Sydney, NSW, Australia

    Albert Zomaya

  3. Division of Computer Engineering, Mokwon University, 88 Do-An-Buk-Ro, Seo-gu, 302-729, Daejeon, Korea

    Sang-Soo Yeo

  4. Department of Computer and Information Science and Engineering, University of Florida, CSE 301, 32611, Gainesville, FL, USA

    Sartaj Sahni


Copyright information

© 2012 IFIP International Federation for Information Processing

About this paper

Cite this paper

Cheng, BC., Liao, GT., Lin, CK., Hsu, SC., Hsu, PH., Park, J.H. (2012). MIB-ITrace-CP: An Improvement of ICMP-Based Traceback Efficiency in Network Forensic Analysis. In: Park, J.J., Zomaya, A., Yeo, SS., Sahni, S. (eds) Network and Parallel Computing. NPC 2012. Lecture Notes in Computer Science, vol 7513. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35606-3_12

  • DOI: https://doi.org/10.1007/978-3-642-35606-3_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-35605-6

  • Online ISBN: 978-3-642-35606-3

  • eBook Packages: Computer Science, Computer Science (R0)
