Tracing Denial of Service Origin: Ant Colony Approach

Denial-of-Service (DoS) attacks with fake source IP addresses have become a major threat to the Internet. Intrusion detection systems are often used to detect DoS attacks. However, DoS attack packets attempt to exhaust resources, degrading network performance or, even worse, causing network breakdown. The proposed proactive approach locates the original attack host(s) issuing the attacks and stops the malicious traffic, instead of wasting resources on the attack traffic. An ant colony based traceback approach is presented in this study to identify the original source IP address of a DoS attack. Instead of creating a new function or processing a high volume of fine-grained data, the proposed IP address traceback approach uses flow-level information to identify the origin of a DoS attack. The proposed method is evaluated through simulation on various network environments. The simulation results show that the proposed method can successfully and efficiently find the DoS attack path in various simulated network environments.
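The sketch below is an added illustration of the general idea of ant colony traceback over flow-level data; it is not the paper's algorithm or code. The topology, flow volumes, scoring rule and parameters (`ants`, `rounds`, `rho`) are all assumptions chosen for the example.

```python
import random

# Constructed sample data (not from the paper): for each router, the upstream
# neighbours that forward traffic to it and the flow volume (packets/s toward
# the victim) that a flow exporter would report on that link.
UPSTREAM = {
    "victim": {"R1": 900, "R2": 120},
    "R1": {"R3": 850, "R4": 60},
    "R2": {"R4": 70, "R5": 40},
    "R3": {"R6": 820, "R7": 30},
    "R4": {}, "R5": {}, "R6": {}, "R7": {},
}

def trace_attack_path(upstream, victim, ants=20, rounds=30, rho=0.3, seed=1):
    """Return the upstream path with the strongest pheromone trail."""
    rng = random.Random(seed)  # seeded so the run is reproducible
    tau = {(r, u): 1.0 for r, ups in upstream.items() for u in ups}
    for _ in range(rounds):
        walks = []
        for _ in range(ants):
            path, volumes = [victim], []
            while True:
                node = path[-1]
                # Skip routers already visited so a routing loop cannot trap an ant.
                ups = [u for u in upstream[node] if u not in path]
                if not ups:
                    break
                # Choice probability is proportional to pheromone * observed flow volume.
                weights = [tau[(node, u)] * upstream[node][u] for u in ups]
                nxt = rng.choices(ups, weights=weights)[0]
                volumes.append(upstream[node][nxt])
                path.append(nxt)
            # Score a walk by its bottleneck link (assumed rule for this sketch).
            walks.append((path, min(volumes, default=0)))
        for edge in tau:  # evaporation
            tau[edge] *= 1 - rho
        total = sum(score for _, score in walks) or 1
        for path, score in walks:  # reinforcement
            for a, b in zip(path, path[1:]):
                tau[(a, b)] += score / total
    best = [victim]
    while True:  # follow the strongest trail from the victim outward
        ups = [u for u in upstream[best[-1]] if u not in best]
        if not ups:
            return best
        best.append(max(ups, key=lambda u: tau[(best[-1], u)]))

if __name__ == "__main__":
    print(" <- ".join(trace_attack_path(UPSTREAM, "victim")))
```

Because the ants work only from per-link flow volumes, the spoofed source addresses in the packets play no part in the result.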
