An improved ant colony system algorithm for solving the IP traceback problem

The difficulty in identifying the origin of an attack over the Internet is termed the IP traceback (IPTBK) problem. The probable origin of an attack is commonly investigated using some form of ant colony system (ACS) algorithm. However, such algorithms tend to converge to a local suboptimal solution, meaning that the perpetrator of the attack cannot be found. Therefore, the present study proposes a modified ACS scheme (denoted as ACS-IPTBK) that can identify the true attack path even without the entire network routing information. The ability of the ants to search all feasible attack paths was enhanced using a global heuristic mechanism in which the ant colony was partitioned into multiple subgroups, with each subgroup having its own pheromone updating rule. The performance of the ACS-IPTBK algorithm in reconstructing the attack path was investigated through a series of ns2 simulations using network topologies generated by the Waxman model. The simulations focused specifically on the effects of the ACS model parameters and network characteristics on the performance of the ACS-IPTBK scheme in converging towards the true attack path. Finally, the robustness of the proposed scheme against spoofed IP attacks was investigated. The results showed that the proposed scheme has a slightly slower convergence speed than the conventional ACS algorithm, but yields a more globally optimal solution for the attack path, particularly in large-scale network topologies.
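The subgroup idea described above can be sketched as follows. This is an added illustration, not the paper's ACS-IPTBK algorithm: the topology, flow counts, parameters, bottleneck path score and the two subgroup update rules are all assumptions chosen to show how a purely exploitative colony locks onto a busy but wrong branch while an exploring subgroup recovers the true path.

```python
import random

# Constructed sample: router -> {upstream neighbour: attack packets seen on that link}.
# "V" is the victim's gateway; routers with no upstream links are candidate origins.
FLOWS = {
    "V": {"R1": 900, "R2": 600},
    "R1": {"R3": 500, "R4": 100},
    "R2": {"R5": 580},
    "R3": {"E1": 120, "E2": 90},
    "R4": {"E3": 80},
    "R5": {"E4": 570},
    "E1": {}, "E2": {}, "E3": {}, "E4": {},
}
TAU_MIN, TAU_MAX, RHO, BETA = 0.1, 2.0, 0.1, 2.0  # assumed ACS parameters


def score(path):
    """Assumed path quality: the smallest flow on any link (the bottleneck)."""
    return min(FLOWS[a][b] for a, b in zip(path, path[1:]))


def walk(tau, q0, rng):
    """One ant walks upstream from the victim using only each router's local view."""
    node, path = "V", ["V"]
    while FLOWS[node]:
        nbrs = list(FLOWS[node])
        w = [tau[node, n] * FLOWS[node][n] ** BETA for n in nbrs]
        if rng.random() < q0:          # exploit: take the strongest link
            node = nbrs[w.index(max(w))]
        else:                          # explore: sample in proportion to weight
            node = rng.choices(nbrs, weights=w)[0]
        path.append(node)
    return path


def trace(explorers, ants=10, iters=30, q0=1.0, seed=7):
    """Return the best-so-far path; `explorers` of the `ants` form the second subgroup."""
    rng = random.Random(seed)
    tau = {(a, b): 1.0 for a in FLOWS for b in FLOWS[a]}
    best = None
    for _ in range(iters):
        for k in range(ants):
            exploring = k < explorers
            path = walk(tau, 0.0 if exploring else q0, rng)
            if exploring:  # subgroup 2 rule (assumed): decay the links it used
                for e in zip(path, path[1:]):
                    tau[e] = (1 - RHO) * tau[e] + RHO * TAU_MIN
            if best is None or score(path) > score(best):
                best = path
        for e in zip(best, best[1:]):  # subgroup 1 rule (assumed): reinforce best-so-far
            tau[e] = (1 - RHO) * tau[e] + RHO * TAU_MAX
    return best
```

`trace(explorers=0)` is a deliberately degenerate, fully greedy colony that stays on the high-volume first hop and ends at `E1`; `trace(explorers=5)` reaches `E4`, the only origin whose flow is sustained on every link of its path.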
