Journal of Information Science and Engineering, Vol. 28 No. 3, pp. 453-470 (May 2012)

A Precise and Practical IP Traceback Technique Based on Packet Marking and Logging*

DONG YAN, YULONG WANG, SEN SU AND FANGCHUN YANG
State Key Laboratory of Networking and Switching Technology
Beijing University of Posts and Telecommunications
Beijing, 100876 P.R. China

Tracing malicious packets back to their source is important for defending the Internet against Denial of Service (DoS) intrusion. IP traceback is the technique that realizes this goal: it reconstructs the path that IP packets traversed through the Internet to determine their origins. Two major kinds of IP traceback techniques have been proposed: packet marking and packet logging. Packet marking incurs little overhead but requires a large number of packets to recover the complete path. Packet logging requires plenty of storage space to record packet digest information but can trace even a single packet. It is therefore a new idea to draw on the advantages of both to find the intrusion source. HIT (Hybrid IP Traceback) is a representative hybrid IP traceback approach, but it has some vulnerabilities: it may return an incorrect path in the traceback process, and its storage overhead remains high. In this paper, we propose a precise IP traceback approach with low storage overhead, which greatly improves accuracy and practicality. Finally, its feasibility and effectiveness are evaluated by mathematical analysis and simulations.

Keywords: cyber security, IP traceback, denial of service (DoS) intrusion, packet marking, packet logging, hybrid IP traceback

Received May 18, 2011; revised September 17 & November 21, 2011; accepted December 29, 2011.
Communicated by Wanjiun Liao.
* This work was supported by the Innovative Research Groups of the National Natural Science Foundation of China (61121061).