RIHT: A Novel Hybrid IP Traceback Scheme

As the Internet is applied ever more widely in various fields, more and more network security issues emerge and attract attention. Adversaries often hide themselves by spoofing their IP addresses before launching attacks. For this reason, researchers have proposed many traceback schemes to trace the source of these attacks. Some are packet logging schemes that need only one packet to achieve IP tracking. Others combine packet marking with packet logging, creating hybrid IP traceback schemes that demand less storage but require a longer search. In this paper, we propose a new hybrid IP traceback scheme with efficient packet logging. It aims to have a fixed storage requirement for each router in packet logging (under 320 KB, according to CAIDA's skitter data set), without the need to refresh the logged tracking information, and to achieve zero false positive and false negative rates in attack-path reconstruction. In addition, we use a packet's marking field to censor attack traffic on its upstream routers. Lastly, we simulate and analyze our scheme, in comparison with other related research, in the following aspects: storage requirement, computation, and accuracy.
