An Effective and Feasible Traceback Scheme in Mobile Internet Environment

Around one billion people access the Internet using their mobile phones today, and many of these phones are prone to compromise by hackers because of their inherited vulnerabilities. Identifying these compromised mobile phones is critical to eliminating cyber attacks effectively. However, little research has been done in this field. To address this situation, in this letter we design a practical traceback framework to identify active compromised mobiles in the mobile Internet environment. The proposed framework uses the IMEI number of the mobile hardware as a unique mark for traceback. Two-layer traceback tables are designed to collect global attack information and to identify local attacking bots, respectively. Our analysis and simulation demonstrate that the proposed traceback method is effective and feasible, and that it can identify every possible attacking mobile in the current mobile Internet environment with single packet marking.
