Hybrid Single-Packet IP Traceback with Low Storage and High Accuracy
نویسنده
چکیده
Traceback schemes have been proposed to trace the sources of attacks that usually hide by spoofing their IP addresses. Among these methods, schemes using packet logging can achieve single-packet traceback. But packet logging demands high storage on routers and therefore makes IP traceback impractical. For lower storage requirement, packet logging and packet marking are fused to make hybrid single-packet IP traceback. Despite such attempts, their storage still increases with packet numbers. That is why RIHT bounds its storage with path numbers to guarantee low storage. RIHT uses IP header's ID and offset fields to mark packets, so it inevitably suffers from fragment and drop issues for its packet reassembly. Although the 16-bit hybrid IP traceback schemes, for example, MORE, can mitigate the fragment problem, their storage requirement grows up with packet numbers. To solve the storage and fragment problems in one shot, we propose a single-packet IP traceback scheme that only uses packets' ID field for marking. Our major contributions are as follows: (1) our fragmented packets with tracing marks can be reassembled; (2) our storage is not affected by packet numbers; (3) it is the first hybrid single-packet IP traceback scheme to achieve zero false positive and zero false negative rates.
منابع مشابه
A Precise and Practical IP Traceback Technique Based on Packet Marking and Logging
Tracing malicious packets back to their source is important to defend the Internet against Denial of Service (DoS) intrusion. IP traceback is just the technique to realize the goal, it reconstructs IP packets traversed path in the Internet to determine their origins. There are two major kinds of IP traceback techniques, which have been proposed as packet marking and packet logging. In packet ma...
متن کاملStorage-Efficient 16-Bit Hybrid IP Traceback with Single Packet
Since adversaries may spoof their source IPs in the attacks, traceback schemes have been proposed to identify the attack source. However, some of these schemes' storage requirements increase with packet numbers. Some even have false positives because they use an IP header's fragment offset for marking. Thus, we propose a 16-bit single packet hybrid IP traceback scheme that combines packet marki...
متن کاملAn Improved Ip Traceback Mechanism for Network Security
IP traceback is amongst the main challenges that face the security of today’s Internet. Many techniques were proposed, including inband packhranits alert and outband packets each of them has advantages and disadvantages. Source IP spoofing attacks are critical issues to the Internet. These attacks are considered to be sent from bot infected hosts. There has been active research on IP traceback ...
متن کاملPacket Traceback Scheme for Detection IP Based Attack
IP traceback is amongst the main challenges that face the security of today’s Internet. Many techniques were proposed, including in-band packets alert and outband packets each of them has advantages and disadvantages. Source IP spoofing attacks are critical issues to the Internet. These attacks are considered to be sent from bot infected hosts. There has been active research on IP traceback tec...
متن کاملLow Storage and Traceback Overhead IP Traceback System
Using IP spoofing, a person masquerades as another by falsifying source IP address and gains an illegitimate access. Denial of Service (DoS) is an attack that is launched to bring down a network by flooding it with useless traffic. This attack can be easily exploited by IP spoofing. To prevent DoS, it is necessary to determine the source of the attacks. IP traceback is a mechanism that attempts...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
دوره 2014 شماره
صفحات -
تاریخ انتشار 2014