IP-traceback based attacker tracking: a probabilistic technique for detecting Internet attacks using the concept of hidden Markov models

In this paper we propose an extension to the probabilistic packet marking scheme, for detecting denial-of-service and distributed denial-of-service attacks, using the concept of hidden Markov models. Our approach has the potential of probabilistically reconstructing the attacking path from the available packets without the intervention of Internet service providers and without increasing the overhead on the packets.

[1]  Nirwan Ansari,et al.  Enhanced probabilistic packet marking for IP traceback , 2005, GLOBECOM '05. IEEE Global Telecommunications Conference, 2005..

[2]  Lawrence R. Rabiner,et al.  A tutorial on hidden Markov models and selected applications in speech recognition , 1989, Proc. IEEE.

[3]  Kenneth L. Calvert,et al.  Modeling Internet topology , 1997, IEEE Commun. Mag..

[4]  L. Trajkovic,et al.  Mapping the Internet , 2001, Proceedings Joint 9th IFSA World Congress and 20th NAFIPS International Conference (Cat. No. 01TH8569).

[5]  Anna R. Karlin,et al.  Network support for IP traceback , 2001, TNET.

[6]  Anna R. Karlin,et al.  Practical network support for IP traceback , 2000, SIGCOMM.

[7]  Bill Cheswick,et al.  Mapping and Visualizing the Internet , 2000, USENIX Annual Technical Conference, General Track.

[8]  Josephine Choi,et al.  Enhanced Probabilistic Packet Marking for IP Traceback , 2004 .

[9]  Ramesh Govindan,et al.  Heuristics for Internet map discovery , 2000, Proceedings IEEE INFOCOM 2000. Conference on Computer Communications. Nineteenth Annual Joint Conference of the IEEE Computer and Communications Societies (Cat. No.00CH37064).