The technique of IP traceback may effectively block DOS (Denial Of Service) and meet the requirement of the computer forensic, but its accuracy depends upon that condition that each node in the Internet must support I...The technique of IP traceback may effectively block DOS (Denial Of Service) and meet the requirement of the computer forensic, but its accuracy depends upon that condition that each node in the Internet must support IP packet marking or detected agents. So far, this requirement is not satisfied. On the basis of traditional traceroute,this paper investigates the efficiency of discovering path methods from aspects of the size and order of detecting packets, and the length of paths.It points out that the size of padding in probed packets has a slight effect on discovering latency, and the latency with the method of bulk sending receiving is much smaller than one with the traditional traceroute. Moreover, the loss rate of packets with the technique of TTL (Time To Live) which increases monotonously is less than that with the technique of TTL which decreases monotonously. Lastly,OS (Operating System) passive fingerprint is used as heuristic to predict the length of the discovered path so as to reduce disturbance in network traffic.展开更多
Due to constrained resources, DDoS attack is one of the biggest threats to MANET. IP traceback technique is useful to defend against such type of attacks, since it can identify the attack sources. Several types of tra...Due to constrained resources, DDoS attack is one of the biggest threats to MANET. IP traceback technique is useful to defend against such type of attacks, since it can identify the attack sources. Several types of traceback schemes have been proposed for wired networks. Among all the existing schemes, probabilistic packet marking (PPM) scheme might be the most promising scheme for MANET. However its performance in MANET is not as good as that in Internet. In this paper, a new scheme based on the codingtechnique (CT) is proposed for traceback in MANET. Furthermore, a new idea of Incremental traceback is raised to cope with the situation of incremental attack (ICT). We present the protocol design and conduct theoretical analysis of this scheme. Additionally, we conduct experiments to compare it with the traditional PPM scheme. The experimental results show that the new coding-based traceback scheme outperforms the PPM scheme in MANET.展开更多
The Internet is facing a major threat, consisting of a disruption to services caused by distributed denial-of-service (DDoS) attacks. This kind of attacks continues to evolve over the past two decades and they are wel...The Internet is facing a major threat, consisting of a disruption to services caused by distributed denial-of-service (DDoS) attacks. This kind of attacks continues to evolve over the past two decades and they are well known to significantly affect?companies and businesses. DDoS is a popular choice among attackers community. Such attack can easily exhaust the computing and communication resources of its victim within a short period of time. Many approaches to countering DDoS attacks have been proposed, but few have addressed the use of multipath. In this paper, we analyze, how multipath routing based solutions could be used to address the DDoS problem. The proposed framework traces back the attack to its source and blocks it. It also calculates multiple paths to the attacker (if they exist) and alerts all gateways near the attacker to block possible traffic originating from this source in case another path(s) is (are) later used to attack the victim again. We demonstrate that our scheme performs better that other single path schemes.展开更多
In the design and construction process of Next Generation Internet, it is important to identify the source of each IP packet forwarding accurately, especially for the support of precise fine-grained management,control...In the design and construction process of Next Generation Internet, it is important to identify the source of each IP packet forwarding accurately, especially for the support of precise fine-grained management,control, traceability and improving the trustworthiness of the Internet. This paper designed a scalable Network Identity(NID) scheme for the Internet users, proposed NIDTGA(Network Identity and Time Generated Address), an IPv6 address generation algorithm embedded NID and time information, then designed and implemented an IPv6 address generation and traceback system based on NIDTGA. The design of NIDTGA, which reflects the length, time and owner attributes of the IP address, can be a good support to ADN(Address Driven Network). At the same time, by embedding the key elements of user identity and time in the IPv6 address,and by taking into account both the traceability and privacy, NIDTGA can provide a technical basis for the establishment of the network trust mechanism, and achieve the traceability of security event.展开更多
In a hostile environment, sensor nodes may be compromised and then be used to launch various attacks. One severe attack is false data injection which is becoming a serious threat to wireless sensor networks. An attack...In a hostile environment, sensor nodes may be compromised and then be used to launch various attacks. One severe attack is false data injection which is becoming a serious threat to wireless sensor networks. An attacker uses the compromised node to flood the network and exhaust network resources by injecting a large number of bogus packets. In this paper, we study how to locate the attack node using a framework of packet marking and packet logging. We propose a combined packet marking and logging scheme for traceback (CPMLT). In CPMLT, one packet can be marked by up to M nodes, each node marks a packet with certain probability. When one packet is marked by M nodes, the next marking node will log this packet. Through combining packet marking and logging, we can reconstruct the entire attack path to locate the attack node by collecting enough packets. In our simulation, CPMLT achieves fast traceback with little logging overhead.展开更多
A novel deterministic packet marking (DPM) for IP traceback against denial of service (DOS) and distributed denial of service (DDoS) attacks is presented, which features good scalability and high accuracy. In th...A novel deterministic packet marking (DPM) for IP traceback against denial of service (DOS) and distributed denial of service (DDoS) attacks is presented, which features good scalability and high accuracy. In this scheme, an ingress router pre-calculates a Hash of its IP address and splits the Hash into several fragments. When marking a packet, the router randomly selects a fragment to mark into the packet. In the traceback stage the victim identifies the marked router with the help of the map of its upstream routers. Based on the map, the victim can identify a candidate ingress router after receiving only several marked packets. The scheme overcomes defects in previous deterministic packet marking schemes, where too much packets are required to recover a router and high false positive rate occurs in case of large-scale DDoS. Theoretical analysis, the pseudo code and experimental results are provided. The scheme is proved to be accurate and efficient and can handle large-scale DDoS attacks.展开更多
The denial of service attack is a main type of threat on the Internet today. On the basis of path identification (Pi) and Internet control message protocol (ICMP) traceback (iTrace) methods, a packet track and t...The denial of service attack is a main type of threat on the Internet today. On the basis of path identification (Pi) and Internet control message protocol (ICMP) traceback (iTrace) methods, a packet track and traceback mechanism is proposed, which features rapid response and high accuracy. In this scheme, routers apply packet marking scheme and send traceback messages, which enables the victim to design the path tree in peace time. During attack times the victim can trace attackers back within the path tree and perform rapid packet filtering using the marking in each packet. Traceback messages overcome Pi's limitation, wherein too much path information is lost in path identifiers; whereas path identifiers can be used to expedite the design of the path-tree, which reduces the high overhead in iTrace. Therefore, our scheme not only synthesizes the advantages but also compromises the disadvantages of the above two methods. Simulation results with NS-2 show the validity of our scheme.展开更多
This paper presents a dynamic probabilistic marking algorithm with multiple routing address tags, which allows the vic- tim to traceback the origin of ICMP (Internet Control Message Pro- tocol)-based direct and refl...This paper presents a dynamic probabilistic marking algorithm with multiple routing address tags, which allows the vic- tim to traceback the origin of ICMP (Internet Control Message Pro- tocol)-based direct and reflective DoS attacks. The proposed ap- proach makes full use of scalable data space of ICMP packet to achieve multiple information tags. The difference between this pro- posal and previous proposals lies in two points. First, the number of packets needed by the victim to reconstruct the attack path is greatly reduced because of three key mechanisms: multi-tag, uniform left- over probability, and tag location choice based on the module of accommodated tag numbers within a packet. Second, the true origin of both direct and reflective ICMP-based DoS attacks can be traced.展开更多
文摘The technique of IP traceback may effectively block DOS (Denial Of Service) and meet the requirement of the computer forensic, but its accuracy depends upon that condition that each node in the Internet must support IP packet marking or detected agents. So far, this requirement is not satisfied. On the basis of traditional traceroute,this paper investigates the efficiency of discovering path methods from aspects of the size and order of detecting packets, and the length of paths.It points out that the size of padding in probed packets has a slight effect on discovering latency, and the latency with the method of bulk sending receiving is much smaller than one with the traditional traceroute. Moreover, the loss rate of packets with the technique of TTL (Time To Live) which increases monotonously is less than that with the technique of TTL which decreases monotonously. Lastly,OS (Operating System) passive fingerprint is used as heuristic to predict the length of the discovered path so as to reduce disturbance in network traffic.
文摘Due to constrained resources, DDoS attack is one of the biggest threats to MANET. IP traceback technique is useful to defend against such type of attacks, since it can identify the attack sources. Several types of traceback schemes have been proposed for wired networks. Among all the existing schemes, probabilistic packet marking (PPM) scheme might be the most promising scheme for MANET. However its performance in MANET is not as good as that in Internet. In this paper, a new scheme based on the codingtechnique (CT) is proposed for traceback in MANET. Furthermore, a new idea of Incremental traceback is raised to cope with the situation of incremental attack (ICT). We present the protocol design and conduct theoretical analysis of this scheme. Additionally, we conduct experiments to compare it with the traditional PPM scheme. The experimental results show that the new coding-based traceback scheme outperforms the PPM scheme in MANET.
文摘The Internet is facing a major threat, consisting of a disruption to services caused by distributed denial-of-service (DDoS) attacks. This kind of attacks continues to evolve over the past two decades and they are well known to significantly affect?companies and businesses. DDoS is a popular choice among attackers community. Such attack can easily exhaust the computing and communication resources of its victim within a short period of time. Many approaches to countering DDoS attacks have been proposed, but few have addressed the use of multipath. In this paper, we analyze, how multipath routing based solutions could be used to address the DDoS problem. The proposed framework traces back the attack to its source and blocks it. It also calculates multiple paths to the attacker (if they exist) and alerts all gateways near the attacker to block possible traffic originating from this source in case another path(s) is (are) later used to attack the victim again. We demonstrate that our scheme performs better that other single path schemes.
基金supported by National Natural Science Foundation of China(Grant No.NSFC61402257)National Basic Research Program of China(973 Program)(Grant Nos.2009CB320500+1 种基金2009CB320501)Tsinghua University Self-determined Project(No.2014z21051)
文摘In the design and construction process of Next Generation Internet, it is important to identify the source of each IP packet forwarding accurately, especially for the support of precise fine-grained management,control, traceability and improving the trustworthiness of the Internet. This paper designed a scalable Network Identity(NID) scheme for the Internet users, proposed NIDTGA(Network Identity and Time Generated Address), an IPv6 address generation algorithm embedded NID and time information, then designed and implemented an IPv6 address generation and traceback system based on NIDTGA. The design of NIDTGA, which reflects the length, time and owner attributes of the IP address, can be a good support to ADN(Address Driven Network). At the same time, by embedding the key elements of user identity and time in the IPv6 address,and by taking into account both the traceability and privacy, NIDTGA can provide a technical basis for the establishment of the network trust mechanism, and achieve the traceability of security event.
文摘In a hostile environment, sensor nodes may be compromised and then be used to launch various attacks. One severe attack is false data injection which is becoming a serious threat to wireless sensor networks. An attacker uses the compromised node to flood the network and exhaust network resources by injecting a large number of bogus packets. In this paper, we study how to locate the attack node using a framework of packet marking and packet logging. We propose a combined packet marking and logging scheme for traceback (CPMLT). In CPMLT, one packet can be marked by up to M nodes, each node marks a packet with certain probability. When one packet is marked by M nodes, the next marking node will log this packet. Through combining packet marking and logging, we can reconstruct the entire attack path to locate the attack node by collecting enough packets. In our simulation, CPMLT achieves fast traceback with little logging overhead.
基金supported by the Hi-Tech Research and Development Program of China (2009AA01Z433)
文摘A novel deterministic packet marking (DPM) for IP traceback against denial of service (DOS) and distributed denial of service (DDoS) attacks is presented, which features good scalability and high accuracy. In this scheme, an ingress router pre-calculates a Hash of its IP address and splits the Hash into several fragments. When marking a packet, the router randomly selects a fragment to mark into the packet. In the traceback stage the victim identifies the marked router with the help of the map of its upstream routers. Based on the map, the victim can identify a candidate ingress router after receiving only several marked packets. The scheme overcomes defects in previous deterministic packet marking schemes, where too much packets are required to recover a router and high false positive rate occurs in case of large-scale DDoS. Theoretical analysis, the pseudo code and experimental results are provided. The scheme is proved to be accurate and efficient and can handle large-scale DDoS attacks.
基金the National Natural Science Foundation of China (60273091)Blue Project in Nanjing University of Posts and Telecommunications (NY207118)
文摘The denial of service attack is a main type of threat on the Internet today. On the basis of path identification (Pi) and Internet control message protocol (ICMP) traceback (iTrace) methods, a packet track and traceback mechanism is proposed, which features rapid response and high accuracy. In this scheme, routers apply packet marking scheme and send traceback messages, which enables the victim to design the path tree in peace time. During attack times the victim can trace attackers back within the path tree and perform rapid packet filtering using the marking in each packet. Traceback messages overcome Pi's limitation, wherein too much path information is lost in path identifiers; whereas path identifiers can be used to expedite the design of the path-tree, which reduces the high overhead in iTrace. Therefore, our scheme not only synthesizes the advantages but also compromises the disadvantages of the above two methods. Simulation results with NS-2 show the validity of our scheme.
基金Supported by the National Natural Science Foundation of China(61271316)National Key Basic Research Program of China(973 Program)(2010CB731403)Opening Project of State Key Laboratory for Manufacturing Systems Engineering of Xi’an Jiaotong University(sklms2012005)
文摘This paper presents a dynamic probabilistic marking algorithm with multiple routing address tags, which allows the vic- tim to traceback the origin of ICMP (Internet Control Message Pro- tocol)-based direct and reflective DoS attacks. The proposed ap- proach makes full use of scalable data space of ICMP packet to achieve multiple information tags. The difference between this pro- posal and previous proposals lies in two points. First, the number of packets needed by the victim to reconstruct the attack path is greatly reduced because of three key mechanisms: multi-tag, uniform left- over probability, and tag location choice based on the module of accommodated tag numbers within a packet. Second, the true origin of both direct and reflective ICMP-based DoS attacks can be traced.
