HPSIPT: A high-precision single-packet IP traceback scheme

Abstract

Distributed Denial of Service (DDoS) attacks remain a major threat, even in the era of connected devices. Attackers often hide their identity, which makes it difficult to defend against them or to identify and subsequently prosecute them. In this paper, we propose a novel high-precision single-packet IP traceback (HPSIPT) scheme that facilitates the traceback of each spoofed packet to its origin. Numerous IP traceback techniques for tracing attackers exist; however, they are limited either by the number of packets required or by the storage and computational overheads incurred at the routers. By contrast, the proposed technique incurs negligible storage and computational overheads. Simulation results based on real-world Internet topologies (obtained from CAIDA) reveal that the proposed IP traceback scheme has a precision of 0.9751, accuracy of 0.9053, recall of 0.8580 and an F1 score of 0.9128 when tracing 130,000 attackers. The implementation of the proposed scheme requires less than 10 KB of storage in most routers, which is approximately 32 times less than that required by other state-of-the-art single-packet traceback techniques. The efficacy of the proposed scheme is compared with that of other single-packet traceback schemes in terms of computational time, storage, accuracy, precision, recall and F1 score. Statistical tests are performed to support the statistical significance of the obtained results.
