Autonomous system based flow marking scheme for IP-Traceback

Tracing IP packets to their sources, known as IP-Traceback, is a critical task in defending against IP spoofing and DoS attacks. Several solutions exist for tracing back to the origin of an attack. However, these solutions all require that either all routers or all ISPs support the same IP-Traceback mechanism. To address this limitation, we propose an IP-Traceback approach at the level of autonomous systems, called Autonomous System-based Flow Marking (ASFM), to identify some key locations in the path where attacker packets are being forwarded. ASFM employs the community attribute of the BGP update message, which enables information to be passed across ASs even if they are not necessarily involved in the IP-Traceback scheme. We also propose an authentication method, so that a downstream AS can examine the correctness of the marking provided by the upstream ASs, thus eliminating fake markings embedded by subverted routers. Finally, we evaluate and analyze the performance of our proposal using real-life datasets.
