A Novel Algorithm on IP Traceback to Find the Real Source of Spoofed IP Packets

With the availability of Internet at the doorsteps in recent years, there has been a wide range of invasions from strangers such as distributed denial of service (DDoS) attacks. DDoS can be launched from any location, draining resources of the victim machine or network. The original IP address of the attacker is more often spoofed; hence, an IP traceback scheme is needed to trace the source of a packet. In this paper, we propose a novel marking algorithm which provides a single packet traceback directly at the victim’s location. The marking algorithm is simple to use with negligible computation and no storage overhead, compared to existing system. Further, the traceback is in convenience to the victim as the entire network traversal or out of band message to identify the attack source is not needed.

[1]  Wanlei Zhou,et al.  Trace IP packets by flexible deterministic packet marking (FDPM) , 2004, 2004 IEEE International Workshop on IP Operations and Management.

[2]  Guang Jin,et al.  Deterministic packet marking based on redundant decomposition for IP traceback , 2006, IEEE Communications Letters.

[3]  Craig Partridge,et al.  Single-packet IP traceback , 2002, TNET.

[4]  Dawn Xiaodong Song,et al.  FIT: fast Internet traceback , 2005, Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies..

[5]  Kamil Saraç,et al.  A More Practical Approach for Single-Packet IP Traceback using Packet Logging and Marking , 2008, IEEE Transactions on Parallel and Distributed Systems.

[6]  G. Manimaran,et al.  Novel hybrid schemes employing packet marking and logging for IP traceback , 2006, IEEE Transactions on Parallel and Distributed Systems.

[7]  Dawn Xiaodong Song,et al.  Advanced and authenticated marking schemes for IP traceback , 2001, Proceedings IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No.01CH37213).

[8]  Vrizlynn L. L. Thing,et al.  ICMP Traceback with Cumulative Path, an Efficient Solution for IP Traceback , 2003, ICICS.

[9]  A. Tamilarasi,et al.  A hybrid scheme using packet marking and logging for IP traceback , 2010, Int. J. Internet Protoc. Technol..

[10]  Nirwan Ansari,et al.  On deterministic packet marking , 2007, Comput. Networks.

[11]  Nirwan Ansari,et al.  IP traceback with deterministic packet marking , 2003, IEEE Communications Letters.

[12]  Geert Deconinck,et al.  Analyzing well-known countermeasures against distributed denial of service attacks , 2012, Comput. Commun..

[13]  Anna R. Karlin,et al.  Network support for IP traceback , 2001, TNET.

[14]  Daniel Massey,et al.  On design and evaluation of "intention-driven" ICMP traceback , 2001, Proceedings Tenth International Conference on Computer Communications and Networks (Cat. No.01EX495).

[15]  Ming-Chien Yang,et al.  RIHT: A Novel Hybrid IP Traceback Scheme , 2012, IEEE Transactions on Information Forensics and Security.

[16]  Bill Cheswick,et al.  Tracing Anonymous Packets to Their Approximate Source , 2000, LISA.

[17]  Jun Li,et al.  Large-scale IP traceback in high-speed Internet: practical techniques and theoretical foundation , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[18]  Shigeyuki Matsuda,et al.  Tracing Network Attacks to Their Sources , 2002, IEEE Internet Comput..

[19]  Robert Stone,et al.  CenterTrack: An IP Overlay Network for Tracking DoS Floods , 2000, USENIX Security Symposium.

[20]  H. K. Dai,et al.  A marking scheme using Huffman codes for IP traceback , 2004, 7th International Symposium on Parallel Architectures, Algorithms and Networks, 2004. Proceedings..

[21]  Anna R. Karlin,et al.  Practical network support for IP traceback , 2000, SIGCOMM.

[22]  M.T. Goodrich,et al.  Probabilistic Packet Marking for Large-Scale IP Traceback , 2008, IEEE/ACM Transactions on Networking.

[23]  M. Sloman,et al.  Enhanced ICMP traceback with cumulative path , 2005, 2005 IEEE 61st Vehicular Technology Conference.

[24]  David K. Y. Yau,et al.  You can run, but you can't hide: an effective statistical methodology to trace back DDoS attackers , 2005, IEEE Transactions on Parallel and Distributed Systems.

[25]  Hassan Aljifri,et al.  IP Traceback using header compression , 2003, Comput. Secur..

[26]  Nirwan Ansari,et al.  Tracing multiple attackers with deterministic packet marking (DPM) , 2003, 2003 IEEE Pacific Rim Conference on Communications Computers and Signal Processing (PACRIM 2003) (Cat. No.03CH37490).

[27]  M.F.A. Rasid,et al.  Accurate ICMP TraceBack Model under DoS/DDoS Attack , 2007, 15th International Conference on Advanced Computing and Communications (ADCOM 2007).

[28]  Minyi Guo,et al.  Flexible Deterministic Packet Marking: An IP Traceback System to Find the Real Source of Attacks , 2009, IEEE Transactions on Parallel and Distributed Systems.

[29]  Syed Obaid Amin,et al.  Hop-by-Hop Traceback in Wireless Sensor Networks , 2012, IEEE Communications Letters.