RPDT: An Architecture for IP Traceback in Partial Deployment Scenario

The ideal defense against cyberattacks such as DDoS is filtering at their Point-of-Presence (POP). However, it is difficult to identify the original POP of an IP packet or flow in a network, especially in IP-spoofing and partial probe deployment scenarios. In this paper, we propose an IP traceback architecture, Route Path Detection for IP Traceback (RPDT). It uses route path information and the logging digests of probes to reconstruct the path traversed by attack packets. Two node selection algorithms, Vertex Cover Improved by Degree (VCID) and Slack Path Cover (SPC), are designed to optimize the partial probe deployment of RPDT. Experiments in Mininet show that RPDT with either algorithm can deploy a limited number of probes for traceback while preserving appreciable performance, which helps Internet Service Providers (ISPs) save deployment expenditure.
