The Internet and its applications have grown enormously over the past decade. As usage has increased, users have also been exposed to various security threats. Network forensic techniques can be used to trace back the source and path of an attack, and the result can serve as legal evidence in a court of law. Packet attribution techniques such as Source Path Isolation (SPIE), Block Bloom Filter (BBF) and Hierarchical Bloom Filter (HBF) have been proposed to store packet data in Bloom filters at each router in the network. All the routers in the Autonomous System (AS) are queried for the presence of an excerpt in their Bloom filters to trace back the source and path of an attack. Upon receiving the excerpt query, each router searches its Bloom filters for the excerpt and sends the result to the NMS. The NMS receives the responses from the routers and determines the traceback path from the victim to the source of the attack. In this process, all the routers are engaged in searching their Bloom filters, which may delay their actual routing tasks. This degrades network performance and may adversely affect the QoS of the network. To address these potential performance issues, in this paper we propose query optimization techniques that greatly reduce the number of routers to be searched, without adversely affecting storage and processing requirements compared to existing attribution methods.
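The baseline query process described above, as an added Python sketch that is not code from the paper: every router is searched for the excerpt, and the NMS walks the responses from the victim's router toward the source. The topology, payloads, hashing scheme and the function names `build_network` and `traceback` are assumptions made for illustration, and the whole payload stands in for the excerpt.

```python
import hashlib

class BloomFilter:
    def __init__(self, m_bits=4096, k=4):
        self.m, self.k = m_bits, k
        self.bits = bytearray(m_bits // 8)

    def _positions(self, item: bytes):
        # k bit positions from salted SHA-256 (assumed hashing scheme)
        for i in range(self.k):
            digest = hashlib.sha256(bytes([i]) + item).digest()
            yield int.from_bytes(digest[:8], "big") % self.m

    def add(self, item: bytes):
        for p in self._positions(item):
            self.bits[p // 8] |= 1 << (p % 8)

    def __contains__(self, item: bytes):
        return all(self.bits[p // 8] & (1 << (p % 8)) for p in self._positions(item))

# Constructed AS topology: router -> adjacent routers
LINKS = {"R1": ["R2", "R5"], "R2": ["R1", "R3"], "R3": ["R2", "R4", "R6"],
         "R4": ["R3"], "R5": ["R1", "R6"], "R6": ["R3", "R5"]}

# Constructed traffic: (payload excerpt, routers crossed from source to victim)
FLOWS = [(b"constructed-attack-payload", ["R4", "R3", "R2", "R1"]),
         (b"constructed-benign-payload", ["R6", "R5", "R1"])]

def build_network(flows):
    """Each router records every excerpt it forwards in its own Bloom filter."""
    routers = {name: BloomFilter() for name in LINKS}
    for excerpt, path in flows:
        for name in path:
            routers[name].add(excerpt)
    return routers

def traceback(routers, excerpt, victim_router):
    """Baseline NMS query: search all routers, then chain adjacent hits."""
    hits = {n for n, bf in routers.items() if excerpt in bf}
    searched = len(routers)  # every router in the AS did a filter lookup
    path, cur = [], victim_router if victim_router in hits else None
    while cur:
        path.append(cur)
        nxt = [n for n in LINKS[cur] if n in hits and n not in path]
        cur = nxt[0] if nxt else None
    return path, searched

if __name__ == "__main__":
    print(traceback(build_network(FLOWS), FLOWS[0][0], "R1"))
```

In this constructed network all six routers perform a lookup although only four lie on the attack path, which is the per-query cost the abstract sets out to reduce.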