Performance Analysis of ACO-based IP Traceback

The Internet has expanded tremendously in size and complexity since its commercialization. Internet hosts are threatened by large-scale Distributed Denial-of-Service (DDoS) attacks in the network. DDoS attacks typically rely on compromising a large number of hosts to generate traffic to a single destination node. Thus the severity of DDoS attacks will likely increase to the greatest possible extent as greater numbers of poorly secured hosts are connected to high-bandwidth Internet connections. An Intrusion Detection System (IDS) is usually used to detect and coordinate DDoS attacks in the network, but this method consumes most of the resources and thereby degrades network performance. Moreover, the memoryless nature of the routing mechanism makes it hard to trace back the source of a DDoS attack. This paper analyzes the performance of an Ant Colony Optimization (ACO)-based IP traceback method for identifying the origin of an attack in the network. The ACO-based IP traceback approach uses flow-level information to identify the origin of a DDoS attack. The method is implemented in NS-2 simulation on various network scenarios consisting of 8 nodes, 10 nodes, and 14 nodes. The results of the experimental and simulation studies demonstrate the effectiveness and efficiency of the proposed system.
