Distributed IDS Tracing Back to Attacking Sources

Authors

  • Wu Liu
  • Hai-Xin Duan
  • Jianping Wu
  • Ping Ren
  • Li-Hua Lu
Abstract

In this paper we present robust algorithms of transmission and reconstruction of attacking path(s) in IDS for providing traceback information in IP packets without requiring interactive operational support from Internet Service Providers, which is based on IP address compression techniques, polynomial theory and techniques from algebraic coding theory. Our best scheme has improved robustness over previous combinatorial approaches, both for noise elimination and multiple-path re-construction. Another key advantage of our schemes is that they will automatically benefit from any improvement in the underlying mathematical techniques, for which progress has been steady in recent years.


Similar resources

Tracing Anonymous Packets to Their Approximate Source

Most denial-of-service attacks are characterized by a flood of packets with random, apparently valid source addresses. These addresses are spoofed, created by a malicious program running on an unknown host, and carried by packets that bear no clues that could be used to determine their originating host. Identifying the source of such an attack requires tracing the packets back to the source hop...


A Model for Determining the Origin OFA Packet to Find Real Attacks

Internet Protocol (IP) trace back is the enabling technology to control Internet crime. In this paper, we present a novel and practical IP trace back system called Flexible Deterministic Packet Marking (FDPM) which provides a defense system with the ability to find out the real sources of attacking packets that traverse through the network. While a number of other trace back schemes exist, FDPM...


A Trust-based Model for Collaborative Intrusion Response

Intrusion detection systems (IDS) are quickly becoming a standard component of a network security infrastructure. Most IDS developed to date emphasize detection; response is mainly concentrated on blocking a part of the network after an intrusion has been detected. This mechanism can help in temporarily stopping the intrusion, but such a limited response means that attacking is free for the att...


Payoff Based IDS Evaluation

IDS are regularly evaluated by comparing their false positive and false negative rates on ROC curves. However, this mechanism generally ignores both the context within which the IDS operates and the attacker’s own ability to adapt to IDS behavior. In this paper, we propose an alternative strategy for evaluating IDS based around multiple strategies. Each strategy defines how an attacker profits ...


Intrusion Detection System using K2 Self Learning Algorithm and Open Attacking Plateform

The goal of this IDS is to identify malicious behaviour that targets a network or a host and its resources. Intrusion detection parameters are numerous and in many cases they present uncertain and imprecise causal relationships which can affect attack types. A Bayesian Network, used here, is a graphical modeling tool which is used to model decision problems containing uncertainty. BN and K2 learni...



Publication date: 2003