Title :
Attak Flow Traceback
Author :
Jang, Heejin ; Yun, Hosang ; Lee, Seongkee
Author_Institution :
Agency for Defense Dev., Daejeon
Abstract :
Identifying the sources of attack packets is the first step in making attackers accountable under the current stateless network routing infrastructure. Several IP packet traceback mechanisms have been designed to attribute the origin of attack conducted not only by flooding network but by single well-targeted packet. However, it is still major challenge to reduce memory space and enhance traceback accuracy in today´s high speed networks. In this paper, we propose an attack flow traceback scheme which is based on flow digests and network layer data. Digesting flow instead of individual packet would save memory and be more scalable. Storing network layer data makes it possible to identify attacker node itself on the subnet not the ingress point of an attacking packet and reduce a lot of unnecessary queries which used to be originated in traceback process.
Keywords :
IP networks; telecommunication network routing; telecommunication security; IP packet traceback; attack flow traceback; attack packet; flow digest; network layer data; network routing; Computer crime; Data structures; High-speed networks; Information technology; Internet; Payloads; Protocols; Routing; Sampling methods; Telecommunication traffic;
Conference_Titel :
Convergence and Hybrid Information Technology, 2008. ICCIT '08. Third International Conference on
Conference_Location :
Busan
Print_ISBN :
978-0-7695-3407-7
DOI :
10.1109/ICCIT.2008.258
