Traceback model for identifying sources of distributed attacks in real time

Locating the sources of a distributed attack is time-consuming; attackers are identified long after the attack is completed. This paper proposes a traceback model for identifying attackers and locating their distributed sources in real time. Attackers are identified by monitoring end users for violations of the bandwidth shares predefined for them in the service level agreement. The active connections of the malicious users are then investigated to locate the host machines used as distributed sources of attack traffic. A mathematical model and simulation results demonstrate that the proposed model can reduce the time required to identify malicious users and to locate the host machines used as the actual sources of attack packets. Copyright © 2016 John Wiley & Sons, Ltd.
