Abstract
Nowadays, The widespread networks are intensively threatened by Internet attack. It’s highly urgent to traceback the attack origination, neutralize the attack and punish the malicious attackers. There are many IP traceback methods, but none of the existing solutions can fulfill all the effective traceback requirements. This paper proposed a novel IP traceback scheme. In this scheme, an elaborate digital watermark is put into a honeypot, and the probe-scan-entrap the attacks through the honeypot, which sequentially induces the attacks to visit the digital watermark. Thus in the overlay network, the trail of the digital watermark will reconstruct the attack route so that the hacker’s address can be located. It is very difficult to carry out single packet traceback in traditional methods and their measures heavily depend on the router capability, the network administrators’ and co-operation between ISPs. Our proposal has solved such problems and it can against attacks through proxy or slave hosts.
This work was supported by China Hubei Science & Technology Department through project SBC in 3G CN (2006AA102A04) and Program for new Century Excellent Talents in University NCET-06-0642.1 and the National HighTechnology Research and Development Program ("863"Program) of China No.2006AA01Z267, No. 2007AA01Z215.
This is a preview of subscription content, log in via an institution to check access.
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Stone, R.: An IP Overlay Network for Tracking DoS Floods. In: Proceedings of the 9th Usenix Security Symposium, Denver, CO, USA (2000)
Burch, H., Cheswick, B.: Tracing Anonymous Packets to their Approximate Source. In: Proceedings of the 14th Conference on Systems Administration, New Orleans, Louisiana, USA. LISA XIV (2000)
Ferguson, P., Senie, D.: Network Ingress Filtering: Defeating Denial of Service Attacks Which Employ IP Source Address Spoofing. RFC 2827, IETF, Network Working Group, Category: Best Current Practice (May 2000)
Bellovin, S., Leech, M., Taylor, T.: ICMP Traceback Messages. Internet Draft, IETF (October 2001)
Wu, S.F., Zhang, L., Massey, D., Mankin, A.: Intention-Driven ICMP Traceback. Internet Draft, IETF (February 2001)
Baba, T., Matsuda, S.: Tracing Network Attacks to Their Sources. IEEE Internet Computing, 20–26 (March/April, 2002)
Schnackenberg, D., Djahandari, K., Sterne, D.: Infrastructure for Intrusion Detection and Response. In: Proceedings for DISCEX (January 2000)
Schnackenberg, D., Djahandari, K., Sterne, D., Holiday, H., Smith, R.: Cooperative Intrusion Traceback and Response Architecture (CITRA). In: Proceedings of the 2nd DARPA Information Survivability Conference and Exposition (June 2001)
Snoeren, A.C., Partridge, C., Sanchez, L.A., Jones, C.E., Tchakoutio, F., Kent, S.T., Strayer, S.T.: Hash-Based IP Traceback. In: Proceedings of ACM SIGCOMM 2001 (August 2001)
Burch, H., Cheswick, B.: Tracing Anonymous Packets to their Approximate Source. In: Proceedings of the 14th Conference on Systems Administration, 2000 LISA XIV, New Orleans, Louisiana, USA (2000)
Savage, S., Wetherall, D., Karlin, A., Anderson, T.: Network Support for IP Traceback. IEEE/ACM Transactions on Networking 9(3), 226–237 (2001)
Song, D., Perrig, A.: Advanced and Authenticated Marking Schemes for IP Traceback. In: Proceedings of the IEEE INFOCOM 2001, Anchorage, AK, USA (2001)
Lee, W., Park, K.: On the Effectiveness of Probabilistic Packet Marking for IP Traceback under Denial of Service Attack. In: Proceedings of the IEEE INFOCOM 2001, Anchorage, AK, USA (2001)
Dean, D., Franklin, M., Stubblefield, A.: An Algebraic Approach to IP Traceback. ACM Transactions on Information and System Security 5, 119–137 (2002)
Stern, J.P., Tillich, J.-P.: Automatic Detection of a Watermarked Document Using a Private Key. In: Moskowitz, I.S. (ed.) IH 2001. LNCS, vol. 2137, Springer, Berlin (2001)
Wang, X.Y., Chen, S.: Network Flow Watermarking Attack on Low-Latency Anonymous Communication Systems. In: Proc. of the 2007 IEEE Symposium on Security and Privacy, Oakland, May (2007)
Pyun, Y.J., Park, Y.H., Wang, X.Y., Reeves, D.S., Ning, P.: Tracing Traffic Through Intermediate Hosts that Repacketize Flows. In: Proc. of the 26th Annual IEEE Conf. on Computer Communications (Infocom 2007) (2007)
Park, Y.H., Reeves, D.S.: Adaptive Watermarking Against Deliberate Random Delay for Attack Attribution Through Stepping Stones. In: Proc. of the Ninth International Conference on Information and Communications Security (ICICS 2007) (2007)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Yi, Z., Pan, L., Wang, X., Huang, C., Huang, B. (2008). IP Traceback Using Digital Watermark and Honeypot. In: Sandnes, F.E., Zhang, Y., Rong, C., Yang, L.T., Ma, J. (eds) Ubiquitous Intelligence and Computing. UIC 2008. Lecture Notes in Computer Science, vol 5061. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-69293-5_34
Download citation
DOI: https://doi.org/10.1007/978-3-540-69293-5_34
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-69292-8
Online ISBN: 978-3-540-69293-5
eBook Packages: Computer ScienceComputer Science (R0)