Single Packet ICMP Traceback Technique using Router Interface

In the modern technological world, with the increasing dependency on the Internet, security threats are on the rise. The Distributed Denial of Service (DDoS) attack is one of the biggest threats. Attackers tend to exhaust network resources while ingeniously hiding their identity, which makes the defense process extremely difficult. Many researchers have proposed solutions to trace back the true origin of an attack. Among them, Internet Control Message Protocol (ICMP) traceback was considered an industry standard by the Internet Engineering Task Force (IETF). ICMP Traceback (ITrace) does not require any change in the existing infrastructure. However, it consumes considerable bandwidth and requires a large number of packets to trace back an attacker. This work proposes a Single Packet ICMP Traceback technique using Router Interface (SPITRI). It traces the origin of a flooding attack with a single ICMP packet. The bandwidth overhead incurred by SPITRI is several times lower than that of ITrace. SPITRI was simulated over the CAIDA Ark dataset. It can trace back the attackers with high accuracy, with zero false positives and zero false negatives. The efficacy of the proposed scheme is demonstrated by simulating it and comparing it with ITrace and with the latest router-interface-based single-packet traceback scheme.
