IP Traceback Research Papers - Academia.edu
This paper gives an overview of the vulnerabilities present in Internet protocols, a detailed study of DoS attacks and of how DoS attacks unfold on the Internet, and the corresponding defence mechanisms. Many solutions have been proposed by different authors to avoid DoS and DDoS attacks, and they are discussed here. The paper provides a classification of attacks and of the defence mechanisms that can be used to detect DoS and DDoS attacks.
Several IP Traceback schemes employing packet marking have been proposed to trace DoS/DDoS attacks that use source address spoofing. The major challenges in the design of an efficient traceback technique are to minimize the number of packets required for successful traceback, and also to reduce the number of bits marked per packet by any router along the attack path. We propose a graph-coloring approach here that specifically addresses these issues. We propose to view the deployment of the traceback-enabled routers as an Internet Traceback Overlay Network, which not only provides easy scalability and incremental deployment, but also allows for the spatial reuse of the router labels used for packet marking, directly resulting in a reduced bit-space, and hence in fewer packets required for successful traceback. We additionally propose an enhanced (logical) partitioned coloring technique to achieve an order of magnitude improvement over the best known schemes today. We also propose a 2-tier architecture that provides greater incentives for deployment to different ISP networks worldwide. We analyze the proposed techniques using real Internet AS-level topologies obtained from various sources.
Network forensics deals with the capture, recording and analysis of network events in order to discover evidential information about the source of security attacks in a court of law. This paper discusses the different tools and techniques available to conduct network forensics. Some of the tools discussed include: eMailTrackerPro – to identify the physical location of an email sender; Web Historian – to find the duration of each visit and the files uploaded and downloaded from the visited website; packet sniffers like Ethereal – to capture and analyze the data exchanged among the different computers in the network. The second half of the paper presents a survey of different IP traceback techniques like packet marking that help a forensic investigator to identify the true sources of the attacking IP packets. We also discuss the use of Honeypots and Honeynets that gather intelligence about the enemy and the tools and tactics of network intruders.
The Internet architecture exposes users to different types of digital attacks and threats. Denial of service (DoS) is a common attack which may cause huge damage to a victim. Preventing such attacks is a challenge even for overprovisioned and up-to-date computers. As a consequence, the best way to inhibit DoS attacks is to be ready to react to them on the fly. One such reactive mechanism is IP traceback. Such a mechanism is important because packets with spoofed source addresses are employed to disguise the actual source of the attack. This chapter presents the most common techniques used to combat DoS attacks in the Internet. Different IP traceback systems proposed in the literature are also analyzed in detail. Finally, a stateless single-packet IP traceback system is introduced.
IP traceback is considered to be one of the promising countermeasures against Distributed Denial of Service (DDoS) attacks. IP traceback protocols must be effective as well as simple enough to be executed efficiently. However, almost no existing protocol meets both requirements.
In this paper, we consider the IP traceback protocol proposed by Muthuprasanna and Manimaran [1] (the STE scheme for short) and propose a new, efficient, and adaptive IP traceback scheme partly based on STE. In short, our scheme is efficient because it adaptively changes marking probabilities to decrease the number of marking bits. We conduct detailed theoretical and numerical analyses of our scheme and show that it is more efficient than STE in terms of marking bit length and the number of packets needed for attack path recovery. The result is also supported by simulation experiments.
Distributed applications use Bloom filters to transmit large sets in a compact form. However, attackers can easily disrupt these applications by using or advertising saturated filters. In this paper we introduce the Generalized Bloom Filter (GBF), a space-efficient data structure to securely represent a set in distributed applications, such as IP traceback, web caching, and peer-to-peer networks. Different from the standard Bloom filter, the GBF has an upper bound on the false-positive probability, limiting the effect of these attacks. The key idea of the GBF is to not only set, but also reset bits of the filter at each insertion. This procedure limits the false positives at the expense of introducing false negatives in membership queries. We derive expressions for the false-positive and false-negative rates and show that they are both upper-bounded in the GBF. We conduct simulations that validate the derived expressions and explore the tradeoffs of this data structure.
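The set-and-reset rule described above, as an added worked example written for this page (not the authors' code): a small Generalized Bloom Filter beside a standard Bloom filter (the same class with k0 = 0), showing that an attacker-supplied saturated, all-ones filter matches everything in the standard filter but nothing in the GBF, and that the price is false negatives on inserted elements. The SHA-256-derived hash families, the bit counts and the sample elements are assumptions.

```python
import hashlib


class GeneralizedBloomFilter:
    """Generalized Bloom Filter (GBF) sketch: every insertion RESETS the k0
    positions given by hash family g0 and SETS the k1 positions given by g1.
    A query succeeds only if all g0 positions are 0 and all g1 positions are 1.
    With k0 = 0 this degenerates to a standard Bloom filter.
    Illustrative code, not the authors' implementation; the SHA-256-based
    hash families are an assumption."""

    def __init__(self, m_bits, k0, k1, initial_bit=0):
        self.m, self.k0, self.k1 = m_bits, k0, k1
        # initial_bit=1 models a saturated (all-ones) filter handed to us by an
        # attacker; a standard Bloom filter in that state "contains" everything.
        self.bits = [initial_bit] * m_bits

    def _positions(self, x, count, family):
        # Derive `count` positions from salted SHA-256 digests of the element.
        out, counter = [], 0
        while len(out) < count:
            digest = hashlib.sha256(family + counter.to_bytes(4, "big") + x).digest()
            for i in range(0, 32, 4):
                if len(out) == count:
                    break
                out.append(int.from_bytes(digest[i:i + 4], "big") % self.m)
            counter += 1
        return out

    def g0(self, x):  # positions to reset
        return self._positions(x, self.k0, b"g0")

    def g1(self, x):  # positions to set
        return self._positions(x, self.k1, b"g1")

    def has_internal_collision(self, x):
        # An element whose own g0 and g1 positions overlap can never be matched
        # (one bit would have to be 0 and 1 at once); the GBF analysis counts
        # this as part of the false-negative rate.
        return bool(set(self.g0(x)) & set(self.g1(x)))

    def insert(self, x):
        for i in self.g0(x):
            self.bits[i] = 0
        for i in self.g1(x):  # on a collision the set wins
            self.bits[i] = 1

    def query(self, x):
        return (all(self.bits[i] == 0 for i in self.g0(x))
                and all(self.bits[i] == 1 for i in self.g1(x)))


def saturated_filter_rates(m_bits=1024, probes=200):
    """False-positive rate of an all-ones filter against elements that were
    never inserted, for a standard Bloom filter (k0=0) and for a GBF."""
    standard = GeneralizedBloomFilter(m_bits, k0=0, k1=3, initial_bit=1)
    gbf = GeneralizedBloomFilter(m_bits, k0=2, k1=3, initial_bit=1)
    never_inserted = [b"never-%d" % i for i in range(probes)]   # constructed
    std_rate = sum(standard.query(x) for x in never_inserted) / probes
    gbf_rate = sum(gbf.query(x) for x in never_inserted) / probes
    return std_rate, gbf_rate


def false_negatives_after_inserts(n=60, m_bits=256):
    """Insert n elements into a small GBF and report how many are still found.
    Later insertions may reset bits that earlier ones set, so the count can be
    below n (false negatives), which a standard Bloom filter never produces."""
    gbf = GeneralizedBloomFilter(m_bits, k0=2, k1=3)
    elems = [b"10.0.0.%d" % i for i in range(n)]                  # constructed
    for e in elems:
        gbf.insert(e)
    return sum(gbf.query(e) for e in elems), n


if __name__ == "__main__":
    print("saturated filter FP rate (standard, GBF):", saturated_filter_rates())
    print("GBF elements still found after inserts:", false_negatives_after_inserts())
```

The parameters k0 and k1 set the trade-off the abstract describes: more reset bits push the false-positive bound down, at the cost of a higher false-negative rate as the filter fills.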
The importance of convolutional codes is well established. They are widely used to encode digital data before transmission through noisy or error-prone communication channels in order to reduce the occurrence of errors. This paper presents a novel decoding technique, memoryless Hybrid Register Exchange, with simulation and FPGA implementation results. It requires a single register, compared to the Register Exchange Method (REM) and the Hybrid Register Exchange Method (HREM); the number of data-transfer operations, and ultimately the switching activity, is therefore reduced.
We propose a simple and robust mechanism for detecting SYN flooding attacks. Instead of monitoring the ongoing traffic at the front end (such as a firewall or proxy) or at the victim server itself, we detect SYN flooding attacks at the leaf routers that connect end hosts to the Internet. The simplicity of our detection mechanism lies in its statelessness and low computation overhead, which make the detection mechanism itself immune to flooding at-
Marking and Mark-based Detection to the field of IP Traceback. With Dynamic Marking it is possible to find the attack agents in a large-scale DDoS network. Moreover, in the case of a DRDoS attack it enables the victim to trace the attack one step further back toward the source, finding a master machine or the real attacker with only a few packets. The proposed marking procedure increases the likelihood of DRDoS attack detection at the victim through Mark-based Detection. In the Mark-based method, the detection engine takes the marks in the packets into account to identify the varying sources of a single site involved in a DDoS attack, which significantly increases the probability of detection. To respect the end-to-end argument and fate-sharing, as well as the need for scalable and applicable schemes, only edge routers implement our simple marking procedure. The delay and bandwidth overhead added to the edge routers is negligible.
by Babak Sadeghian and one co-author
IP source address spoofing exploits a fundamental weakness in the Internet Protocol. It is used in many types of network-based attacks, such as session hijacking and Denial of Service (DoS). Ingress and egress filtering aim to prevent IP spoofing. Techniques such as history-based filtering are used during DoS attacks to filter out attack packets. Packet marking techniques are used to trace IP packets to a point as close as possible to their actual source. Present IP spoofing countermeasures are hindered by compatibility issues between IPv4 and IPv6, implementation issues, and their varying effectiveness under different types of attacks. We propose a topology-based packet marking method that builds on the flexibility of packet marking as an IP traceback method while overcoming most of the shortcomings of present packet marking techniques.
The identification of the exact path along which packets are routed through the network is quite a challenge. This paper presents a novel, efficient traceback strategy named Tracemax in the context of a defense system against distributed denial of service (DDoS) attacks. A single packet can be directly traced over many more hops than currently existing techniques allow. In combination with a defense system it differentiates between multiple connections, aiming to let good connections pass while bad ones are thwarted. The novel concept allows detailed analyses of the traffic and of the transmission path through the network. The strategy can effectively reduce the effect of common bandwidth and resource consumption attacks, foster early warning and prevention, and raise the availability of network services for legitimate customers.
The Source Path Isolation Engine (SPIE) is a system capable of tracing a single IP packet to its point of origin or point of ingress into a network. SPIE supports tracing by storing a few bits of unique information about each packet for a period of time as the packets traverse the network. Software implementations of SPIE can trace packets through networks composed of slow-to-medium speed routers (up to OC-12), but higher-speed routers (OC-48 and faster) require hardware support. In this paper, we discuss these hardware design aspects of SPIE. Most of the hardware resides in a self-contained SPIE processing unit, which may be implemented in a line-card form factor for insertion into the router itself or as a stand-alone unit that connects to the router through an external interface.
Denial-of-service (DoS) attacks pose an increasing threat to today's Internet. One major difficulty in defending against distributed denial-of-service attacks is that attackers often use fake, or spoofed, IP addresses as the IP source address. The probabilistic packet marking (PPM) algorithm allows the victim to trace packets back to their true origin even though the source address was spoofed to disguise it. In this paper we propose a technique that encodes the marks more efficiently than Savage et al.'s probabilistic packet marking algorithm and reconstructs the attack graph. This enhances the reliability of probabilistic packet marking.
For decades the World Wide Web has been used broadly in numerous fields, and network security problems have become a major concern. IP traceback reconstructs the path that IP packets traversed through the Internet in order to determine their origin. IP traceback is therefore an important capability for identifying the sources of attacks and initiating protective measures on the Internet. This paper surveys different IP traceback approaches and compares the techniques that can be used to protect sensitive information against network attacks.
On most denial-of-service (DoS) attacks, packets with spoofed source addresses are employed in order to disguise the true origin of the attacker. A defense strategy is to trace attack packets back to their actual source in order to make the attacker accountable and isolate him from the network. To date, the proposed traceback systems require either large amounts of storage space on router-connected devices or a sufficient number of received attack packets. In this paper, we propose a new IP traceback system capable of determining the source of every packet received by the victim without storing state in the network infrastructure. For practical purposes, a generalization of the Bloom-filter theory is developed and evaluated. Analytical results are presented to show the efficacy of the proposed system.
This paper proposes an IP traceback mechanism for a large-scale distributed online system. The proposed system is based on replication and tolerates arbitrary failures of servers. The security-related part of the service is implemented by an IP traceback system based on the Deterministic Packet Marking (DPM) scheme. One of the major threats to current networks is the Distributed Denial of Service (DDoS) attack. Although many mechanisms have been developed to detect the origin of DDoS attacks, the main issue for detection systems is IP spoofing. Because the detection scheme relies only on the marked information in the packet header fields, the source of spoofed packets can also be accurately identified, giving the protective system the ability to reconstruct the source IP when required. The main objective of this paper is to propose an effective traceback mechanism for DDoS attacks using an Extended-DPM scheme. The proposed scheme is applied to an online system, improving the security process involved in the system, and addresses the disadvantages of existing methods by increasing the throughput of the processing server.
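Deterministic Packet Marking as referenced above, in an added illustration written for this page (not the paper's Extended-DPM code): the basic DPM idea of Belenky and Ansari, where the ingress edge router splits its own address across the 16-bit Identification field and the reserved flag bit, and the victim reassembles it. The router addresses, packet counts and random seed are constructed; the second call shows the ambiguity basic DPM has when several ingress points are active at once.

```python
import random


def ip_to_int(ip):
    return int.from_bytes(bytes(int(o) for o in ip.split(".")), "big")


def int_to_ip(value):
    return ".".join(str(b) for b in value.to_bytes(4, "big"))


def mark_at_ingress(ingress_ip, rng):
    """Basic DPM as done by the ingress edge router: pick one half of its own
    address at random, write it into the 16-bit Identification field and record
    which half in the (normally unused) reserved flag bit. The mark survives
    source-address spoofing because the attacker never controls it."""
    addr = ip_to_int(ingress_ip)
    which = rng.randrange(2)          # reserved flag: 0 = high half, 1 = low half
    ident = (addr >> 16) & 0xFFFF if which == 0 else addr & 0xFFFF
    return which, ident               # (flag bit, 16-bit Identification field)


def reassemble(marks):
    """Victim side: combine every high half seen with every low half seen.
    With one ingress router this yields exactly its address; with several
    simultaneous sources the basic scheme cannot pair the halves, so it also
    yields cross-combinations (a known limitation of plain DPM)."""
    highs = {ident for which, ident in marks if which == 0}
    lows = {ident for which, ident in marks if which == 1}
    return {int_to_ip((h << 16) | l) for h in highs for l in lows}


def traceback_sources(ingress_routers, packets_each=40, seed=1):
    """Simulate `packets_each` spoofed packets entering through each listed
    ingress router and return the candidate ingress addresses the victim
    reconstructs. Router addresses are constructed examples."""
    rng = random.Random(seed)
    marks = []
    for router in ingress_routers:
        for _ in range(packets_each):
            marks.append(mark_at_ingress(router, rng))
    return reassemble(marks)


if __name__ == "__main__":
    print(traceback_sources(["203.0.113.1"]))
    print(traceback_sources(["203.0.113.1", "198.51.100.7"]))
```

With two ingress routers the victim gets four candidates, two of them false; later DPM variants add a digest to pair the halves, and this example stays with the basic scheme.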
This work proposes a low-power implementation of a Viterbi decoder. Most Viterbi decoder designs in the past use either the simple Register Exchange or the Traceback method, to achieve very high speed or low-power decoding respectively, but they suffer from both complex routing and high switching activity. Here the survivor memory unit is simplified by storing only m-1 bits to identify the previous state in the survivor path and by assigning m-1 registers to decision vectors. This approach eliminates unnecessary shift operations, and storing the decoded data requires only half the memory of the register exchange method. In this paper a hybrid approach that combines both Traceback and Register Exchange schemes is applied to the Viterbi decoder design. Using the distance properties of the encoder, it is further modified into a minimum-transition hybrid register exchange method, which leads to lower dynamic power consumption because of lower switching activity. Dynamic power estimates obtained through gate-level simulation indicate that the proposed design reduces the power dissipation of a conventional Viterbi decoder by 30%.
IP spoofing is one of the most common network threats today. While current IP Traceback techniques are capable of identifying the source of a message, they are limited by the huge number of messages that routers have to store to provide this facility. One way to reduce the storage overhead is to store the messages as indices in a Bloom filter. Current systems use Bloom filters at a router to know if a given message has gone through that router. However, often there is a need to know if a similar message has traversed through the router. This calls for similarity measures in the context of Bloom filters. In this paper, we develop such similarity measures (coefficients) in the context of two specialized Bloom filters---Hierarchical Bloom filter (HBF) and Winnowing Block Shingling (WBS). We compare the efficacy of these similarity measures with the Jaccard similarity coefficient. Simulations were carried out to evaluate the measures. The results indicate that HBF-measure is an optimistic metric and WBS-similarity is a pessimistic measure. Jaccard measure falls between the two. We propose a weighted metric that combines all the metrics and is more flexible than the individual measures.
In this paper, we present the design and implementation of a programmable and extensible router architecture. The proposed architecture not only provides the conventional packet forwarding/routing functions, but also the flexibility to integrate additional services (or extensions) into a router. These extensions are dynamically loadable modules, so one can easily deploy new services, such as reliability and security enhancements, onto the router in a dynamic and incremental fashion. To prevent new extensions from monopolizing system resources and degrading the performance of normal packet forwarding/routing, we propose a novel CPU resource reservation scheme which facilitates the efficient use of resources and increases the stability of extension execution. To illustrate the ''extensibility'' and ''effectiveness'' of the proposed architecture, we present the results of a new service, namely how to perform ''Distributed Denial-of-Service (DDoS) attack traceback''. In particular, we illustrate the deployment of probabilistic marking to perform IP traceback. Note that this approach requires the collaboration of routers so that effective traceback can be performed. Currently, the programmable router platform is released as open source, and we believe the system provides an ideal platform for researchers to experiment with and validate new services and protocols.
In any Distributed Denial of Service (DDoS) attack, attackers may use incorrect or spoofed Internet Protocol (IP) addresses in the attacking packets and thus disguise the actual origin of the attacks. This is primarily due to the stateless nature of the Internet. IP traceback ...
While voice over IP (VoIP) services have brought many desirable communication features to the general public, they have also become a medium through which criminals communicate and conduct illegal activities e.g., fraud and blackmail without being intercepted by law enforcement agencies (LEAs). Previous research on IP traceback focused on tracking IP addresses on the network layer. The mechanisms developed thus far, however, require an inefficient and sometimes infeasibly large amount of router and network support. In this paper, we propose a collaborative forensics mechanism that cooperates with related network operators (NWO) and service providers (SvP) in tracing back VoIP calls without depending on routers throughout the full trace path. We discuss the various kinds of attacks of VoIP services and the characteristics of VoIP service requests as they pertain to those attacks. Additionally, we propose a procedure for identifying forged header field values (HFVs) on SIP requests, and introduce the concept of active forensics. This can lead to a reduction in the probability of important information being deleted by the time collaborative forensics is initiated, and thus assist law enforcement agencies in intercepting criminals. We also describe extended applications for traceback for attacks resulting in Distributed Denial of Service and those involving mobile phones.
Distributed Denial of Service (DDoS) attacks are hard to avoid. Among the various attacks on a network, DDoS attacks are difficult to detect because of IP spoofing. IP traceback is the technique used to identify the origin of DDoS attacks. The path affected by a DDoS attack is identified by IP traceback approaches such as the Probabilistic Packet Marking (PPM) and Deterministic Packet Marking (DPM) algorithms. PPM finds the complete attack path from the victim to the source, whereas DPM identifies only the source (the ingress point) of the attacker. With DPM, finding the source of the attacker is difficult if the marking router is compromised; with PPM the complete attack path is constructed, so a compromised router can be identified. In this paper, we review the PPM and DPM techniques and compare the strengths and weaknesses of each proposal.
Denial of service (DoS) attacks are among the most common attacks on the Internet, and the most difficult part of handling one is finding its source. Savage et al. proposed the PPM algorithm to trace the route back to the attacker. We found two disadvantages in Savage's traceback technique. The first is that the probability of receiving marks from far-away routers is very low, so the identities of some routers are lost, which affects construction of the attack graph. The second is that, because edges are re-marked downstream, the constructed graph contains edges that do not exist in the attack graph. In this paper we propose a modified probabilistic packet marking (MPPM) IP traceback methodology, and we find that the results are promising when compared with the approach proposed by Savage. Keywords: DoS attack, IP traceback, indicator, far-away routers, Modified Probabilistic Packet Marking.
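The edge-sampling variant of Savage et al.'s PPM that this abstract and the earlier encoding-efficiency abstract both build on, as an added simulation written for this page (code from neither paper): routers along a constructed path mark packets with probability p, the victim reconstructs the path distance by distance, and a forged start field planted by the attacker can only appear beyond the farthest real router. The path, router names, packet count and random seed are assumptions; the distance-count function exposes the far-router sampling problem the abstract raises.

```python
import random
from collections import Counter


class Mark:
    """The edge-sampling fields a router can write into a packet:
    start and end router, and a distance counter."""
    __slots__ = ("start", "end", "distance")

    def __init__(self, start=None, end=None, distance=0):
        self.start, self.end, self.distance = start, end, distance


def mark_packet(mark, router, p, rng):
    """Edge sampling as in Savage et al.: with probability p the router starts
    a new edge (start = itself, distance = 0); otherwise, if the distance is
    still 0, it completes the edge by writing itself as end, and in either
    case increments the distance."""
    if rng.random() < p:
        mark.start, mark.end, mark.distance = router, None, 0
    else:
        if mark.distance == 0:
            mark.end = router
        mark.distance += 1


def simulate(path, n_packets, p=1 / 25, seed=7, forged_start=None):
    """Send n_packets along `path` (attacker-side router first). With
    forged_start the attacker pre-fills the start field at distance 0, the
    way a real attacker might try to plant a false edge."""
    rng = random.Random(seed)
    marks = []
    for _ in range(n_packets):
        mark = Mark(start=forged_start)
        for router in path:
            mark_packet(mark, router, p, rng)
        marks.append(mark)
    return marks


def reconstruct(marks):
    """Victim side: group edges by distance and walk outward from the victim.
    A distance-d edge (start, end) is accepted only if `end` is the router
    already placed at distance d-1; at distance 0 the edge (R, None) names
    the router adjacent to the victim."""
    edges_at = {}
    for m in marks:
        if m.start is None:           # packet never marked: nothing to learn
            continue
        edges_at.setdefault(m.distance, Counter())[(m.start, m.end)] += 1
    path, depth = [], 0
    while depth in edges_at:
        prev = path[-1] if path else None
        candidates = Counter({e: c for e, c in edges_at[depth].items() if e[1] == prev})
        if not candidates:
            break
        path.append(candidates.most_common(1)[0][0][0])
        depth += 1
    return path


def samples_per_distance(marks):
    """How many usable samples arrived for each distance; a router d hops
    out is sampled with probability p(1-p)^d per packet, so far routers
    get fewer samples."""
    return Counter(m.distance for m in marks if m.start is not None)


if __name__ == "__main__":
    attack_path = ["R5", "R4", "R3", "R2", "R1"]   # constructed; R1 is next to the victim
    marks = simulate(attack_path, 4000)
    print("reconstructed:", reconstruct(marks))
    print("samples per distance:", sorted(samples_per_distance(marks).items()))
    print("with forged start:", reconstruct(simulate(attack_path, 4000, forged_start="EVIL")))
```

The forged run ends with the planted name at distance 5, one hop beyond R5: the first real router always completes the attacker's half-written edge, so the fake edge is pushed outside the true path rather than inserted into it.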
The current Internet architecture allows malicious nodes to disguise their origin during denial-of-service attacks with IP spoofing. A well-known solution to identify these nodes is IP traceback. In this paper, we introduce and analyze a lightweight single-packet IP traceback system that does not store any data in the network core. The proposed system relies on a novel data structure called Generalized Bloom Filter, which is tamper resistant. In addition, an efficient improved path reconstruction procedure is introduced and evaluated. Analytical and simulation results are presented to show the effectiveness of the proposed scheme. The simulations are performed in an Internet-based scenario and the results show that the proposed system locates the real attack path with high accuracy.
The design of the IP protocol makes it difficult to reliably identify the originator of an IP packet. Even in the absence of any deliberate attempt to disguise a packet's origin, widespread packet forwarding techniques such as NAT and encapsulation may obscure the packet's true source. Techniques have been developed to determine the source of large packet flows, but, to date, no system has been presented to track individual packets in an efficient, scalable fashion. We present a hash-based technique for IP traceback that generates audit trails for traffic within the network, and can trace the origin of a single IP packet delivered by the network in the recent past. We demonstrate that the system is effective, space-efficient (requiring approximately 0.5% of the link capacity per unit time in storage), and implementable in current or next-generation routing hardware. We present both analytic and simulation results showing the system's effectiveness.
A variety of schemes based on the technique of Probabilistic Packet Marking (PPM) have been proposed to identify Distributed Denial of Service (DDoS) attack traffic sources by IP traceback. These PPM-based schemes provide a way to reconstruct the attack graph (the network path taken by the attack traffic), hence identifying its sources. Despite the large amount of research in this area, the influence of the underlying topology on the performance of PPM-based schemes remains an open issue.
In today's world, one of the major challenges is defending against Distributed Denial of Service (DDoS) attacks. We cannot completely avoid DDoS attacks, but we can reduce them. In IP traceback schemes, the victim can identify the sources of an attack and can block them. However, these methods react to the attack once it is completed. This means the critical resources of the victim have already been consumed by the attacker, who has reached the goal of blocking access to the victim. To overcome this problem of existing IP traceback schemes, a defense mechanism against DDoS flooding attacks has been proposed based on the existing Deterministic Flow Marking (DFM) IP traceback method. The fundamental issue affecting detection systems is IP spoofing. This paper proposes a packet marking scheme which marks the data into the IP header field of the packet to overcome the issue of IP spoofing. The marked data is used to reconstruct the IP address of the ingress router connected to the attack source at the detecting end. The work is deployed in the programmable router progressively and the attack source detection mechanisms are carried out. It will improve the performance of the legitimate traffic.
Payload attribution is an important problem often encountered in network forensics. Given an excerpt of a payload, finding its source and destination is useful for many security applications such as identifying sources and victims of a worm or virus. Although IP traceback techniques have been proposed in the literature, these techniques cannot help when we do not have the entire packet or when we only have an excerpt of the payload.
... Lata Ragha, Department of Computer Engineering, Ramrao Adik Institute of Technology, Nerul, Navi-Mumbai, lata.ragha@gmail.com ... K. S. Easwarakumar, Anandharaman V, Asw S proposed a proactive statistical defense so attack in active networks [9] scheme va signatures of the ...
Distributed applications use Bloom filters to transmit large sets in a compact form. However, attackers can easily disrupt these applications by using or advertising saturated filters. In this paper we introduce the Generalized Bloom Filter (GBF), a space-efficient data structure to securely represent a set in distributed applications, such as IP traceback, web caching, and peer-to-peer networks. Different from the standard Bloom filter, the GBF has an upper bound on the false-positive probability, limiting the effect of these attacks. The key idea of the GBF is to not only set, but also reset bits of the filter at each insertion. This procedure limits the false positives at the expense of introducing false negatives in membership queries. We derive expressions for the false-positive and false-negative rates and show that they are both upper-bounded in the GBF. We conduct simulations that validate the derived expressions and explore the tradeoffs of this data structure.
... of route for IP packet traceback. It is shown through analytical and simulation results that the proposed procedure is effective in identifying the attacker. Keywords: Packet Traceback, Denial of Service, Bloom Filter, Network Security. Abstract: A defense strategy against denial-of-service attacks is to trace the source of every attack packet for the sake of penalizing the attacker or isolating him from the network. An IP traceback scheme proposed by the authors suggests that routers notify the victim of their presence in the attack path by inserting traceback information on routed packets. With the received information, the victim initiates a reconstruction procedure to identify the true source of the attack. In this paper, an alternative reconstruction procedure is proposed for IP traceback. We show through analytical and simulation results that the proposed reconstruction procedure traces the attack back to its true source, ...
Anonymity is important to perpetrators of network-based attacks. One of the simplest ways to remain anonymous is to hide the source of an attack by chaining together multiple connections into an extended connection. This is typically done by logging into a remote host, then from there logging into a third and fourth and so on until, at the final host, an attack is launched. These intermediate hosts are called stepping stones. Tracing such an attack back to the original source is difficult. Some techniques exist to trace individual connections, but tracing an extended connection requires identifying related connection pairs at each stepping stone. This paper examines the problems and approaches to connection tracing, focusing on tracing extended connections across stepping stones. We survey the literature and discuss the several techniques that have been offered so far for discovering related connection pairs, and offer a taxonomy of these techniques. We then discuss a set of experiments performed on four selected algorithms to compare them and gain a better understanding of their relative strengths and weaknesses. An architecture for an integrated attack attribution system, including both stepping stone detection and IP traceback, is offered, followed by concluding remarks and observations. Our future work will include constructing the master function and installing stepping stone detection extensions into SPIE to provide a more complete traceback solution.
- by Tim Strayer
Denial of service (DoS) attacks are a serious threat to the appropriate operation of services within network domains. In this paper, we propose a system called OsTraS (OSPF-based Traceback System) that helps network operators to deal with this threat by creating an overlay network for intra-domain IP traceback. The main contribution of our proposal with respect to previous work is its ability to provide partial and progressive deployment of the traceback system throughout a monitored network domain. The OsTraS system builds its overlay network using the OSPF routing protocol through the definition of an Opaque LSA (Link State Advertisement) specially conceived for this purpose. We investigate and evaluate the performance of partial and progressive deployment of the proposed system, showing its suitability even for large network domains.
The Probabilistic Packet Marking algorithm suggests a methodology to identify all the participating routers of the attack path by probabilistically marking the packets. In this approach, these marked packets contain partial information regarding the routers of the attack path. At the receiver, getting the complete information of every router requires a larger number of marked packets, and hence more combinations and more false positives. To overcome this drawback we have presented a novel idea for finding the exact IP address of the routers in the attack path by applying the Chinese Remainder Theorem. The result of our implementation reveals that our idea requires fewer marked packets and takes no time in constructing the attack path. The same idea holds even in the case of multiple attackers.