SMITE: an SDN and MPLS integrated traceback mechanism

In this paper we present a new approach to IP packet traceback called SMITE, which allows efficient traceback of the origin of a packet with an incorrect or spoofed source address through an integration of software-defined networks (SDN) [15] and Multiprotocol Label Switching (MPLS) [13] in OpenFlow [19]. SMITE leverages the flexibility of SDN and the strength of MPLS networks to achieve a low false positive rate, the ability to perform post-mortem traceback, a reduction in storage pressure/hardware investment and, most importantly, the ability to perform traceback for a single spoofed packet. SMITE also aims to overcome the difficulties and limitations of legacy traceback mechanisms.

[1] Rob Sherwood, et al. On Controller Performance in Software-Defined Networks, 2012, Hot-ICE.

[2] Ismael Jannoud, et al. On preventing ARP poisoning attack utilizing Software Defined Network (SDN) paradigm, 2015, 2015 IEEE Jordan Conference on Applied Electrical Engineering and Computing Technologies (AEECT).

[3] Jun Xu, et al. Large-scale IP traceback in high-speed internet: practical techniques and information-theoretic foundation, 2008, TNET.

[4] Jiu Lei Jiang, et al. Multipath Routing, 2014.

[5] Robert Stone, et al. CenterTrack: An IP Overlay Network for Tracking DoS Floods, 2000, USENIX Security Symposium.

[6] Nick Feamster, et al. Improving network management with software defined networking, 2013, IEEE Commun. Mag.

[7] Nirwan Ansari, et al. On deterministic packet marking, 2007, Comput. Networks.

[8] Nick McKeown, et al. OpenFlow: enabling innovation in campus networks, 2008, CCRV.

[9] Nirwan Ansari, et al. IP traceback with deterministic packet marking, 2003, IEEE Communications Letters.

[10] Giuseppe Di Battista, et al. How to handle ARP in a software-defined network, 2016, 2016 IEEE NetSoft Conference and Workshops (NetSoft).

[11] Anna R. Karlin, et al. Network support for IP traceback, 2001, TNET.

[12] A. Nur Zincir-Heywood, et al. Deterministic and Authenticated Flow Marking for IP Traceback, 2013, 2013 IEEE 27th International Conference on Advanced Information Networking and Applications (AINA).

[13] C. Zou, et al. Denial-of-Service Attack, 2007.

[14] Subhasis Banerjee, et al. Compact TCAM: Flow Entry Compaction in TCAM for Power Aware SDN, 2013, ICDCN.

[15] Craig Partridge, et al. Single-packet IP traceback, 2002, TNET.

[16] Heejo Lee, et al. An incrementally deployable anti-spoofing mechanism for software-defined networks, 2015, Comput. Commun.

[17] Nirwan Ansari, et al. Tracing cyber attacks from the practical perspective, 2005, IEEE Communications Magazine.

[18] Ricardo Dominguez. Denial of Service Attack, 2018.

[19] Martín Casado, et al. Fabric: a retrospective on evolving SDN, 2012, HotSDN '12.

[20] Steven M. Bellovin, et al. ICMP Traceback Messages, 2003.

[21] A. Nur Zincir-Heywood, et al. IP traceback through (authenticated) deterministic flow marking: an empirical evaluation, 2013, EURASIP Journal on Information Security.

[22] Ning Lu, et al. A Novel Approach for Single-Packet IP Traceback Based on Routing Path, 2012, 2012 20th Euromicro International Conference on Parallel, Distributed and Network-based Processing.

[23] Nick McKeown, et al. MPLS with a simple OPEN control plane, 2011, 2011 Optical Fiber Communication Conference and Exposition and the National Fiber Optic Engineers Conference.

[24] Ke Xu, et al. Overlay Logging: An IP Traceback Scheme in MPLS Network, 2005, ICN.

[25] Olivier Festor, et al. Anomaly traceback using software defined networking, 2014, 2014 IEEE International Workshop on Information Forensics and Security (WIFS).