
An IP Traceback Model for Network Forensics

  • Conference paper
Digital Forensics and Cyber Crime (ICDF2C 2010)

Abstract

Network forensics deals with the capture, recording, analysis and investigation of network traffic in order to trace back attackers. Its ultimate goal is to provide sufficient evidence to allow the perpetrator to be prosecuted. IP traceback is an important aspect of the investigation process, in which the real attacker is identified by tracking the source address of the attack packets. In this paper we classify the various approaches to network forensics in order to list the requirements of traceback. We propose a novel model for traceback based on autonomous systems (AS) and deterministic packet marking (DPM) that enables traceback even from a single packet. The model is analyzed against various evaluation metrics. The traceback solution will be a major step in the direction of attack attribution and investigation.


References

  1. Lee, S.C., Shields, C.: Tracing the Source of Network Attack: A Technical, Legal and Societal Problem. In: IEEE Workshop IAS, New York, pp. 239–246 (2001)
  2. Palmer, G.: A Road Map for Digital Forensic Research. In: Proc. 1st Digital Forensic Research Workshop (DFRWS), pp. 27–30 (2001)
  3. Pilli, E.S., Joshi, R.C., Niyogi, R.: Network forensic frameworks: Survey and research challenges. Digit. Investig., available online March (2010) (in press)
  4. Gao, Z., Ansari, N.: Tracing Cyber Attacks from the Practical Perspective. IEEE Communications Magazine 43(5), 123–131 (2005)
  5. Santhanam, L., Kumar, A., Agrawal, D.P.: Taxonomy of IP Traceback. J. Info. Assurance and Security 1, 79–94 (2006)
  6. Snoeren, A.C., Partridge, C., Sanchez, L.A., Jones, C.E., Tchakountio, F., Kent, S.T., Strayer, S.T.: Hash-Based IP Traceback. In: Proceedings of ACM SIGCOMM (2001)
  7. Baba, T., Matsuda, S.: Tracing Network Attacks to Their Sources. IEEE Internet Computing, 20–26 (March/April 2002)
  8. Savage, S., Wetherall, D., Karlin, A., Anderson, T.: Network Support for IP Traceback. IEEE/ACM Transactions on Networking 9(3), 226–237 (2001)
  9. Song, D., Perrig, A.: Advanced and Authenticated Marking Schemes for IP Traceback. In: Proceedings of the IEEE INFOCOM 2001, Arkansas, USA (2001)
  10. Dean, D., Franklin, M., Stubblefield, A.: An Algebraic Approach to IP Traceback. ACM Transactions on Information and System Security 5, 119–137 (2002)
  11. Yaar, A., Perrig, A., Song, D.: FIT: Fast Internet Traceback. In: Proc. IEEE 24th Ann. Joint Conf. Computer and Comm. Societies (INFOCOM 2005), pp. 1395–1407 (2005)
  12. Belenky, A., Ansari, N.: On Deterministic Packet Marking. Computer Networks 51, 732–750 (2006)
  13. Rayanchu, S.K., Barua, G.: Tracing Attackers with Deterministic Edge Router Marking (DERM). In: Ghosh, R.K., Mohanty, H. (eds.) ICDCIT 2004. LNCS, vol. 3347, pp. 400–409. Springer, Heidelberg (2004)
  14. Duwairi, A., Manimaran, G.: Novel Hybrid Schemes Employing Packet Marking and Logging for IP Traceback. IEEE Trans. Parallel and Dist. Sys. 17(5), 403–418 (2006)
  15. Jing, Y.N., Tu, P., Wang, X.P., Zhang, G.D.: Distributed log based scheme. In: Proc. of 5th Int’l. Conf. on Computer and Information Technology (2005)
  16. Gong, C., Sarac, K.: A More Practical Approach for Single-Packet IP Traceback using Packet Marking and Logging. IEEE Trans. Parallel and Dist. Sys. 19(10), 1310–1324 (2008)
  17. Jing, W.X., Lin, X.Y.: IP Traceback based on Deterministic Packet Marking and Logging. In: Proc. IEEE Int’l. Conf. on Scalable Computing and Comm., pp. 178–182 (2009)
  18. Paruchuri, V., Durresi, A., Kannan, R., Iyengar, S.S.: Authentic Autonomous Traceback. In: Proc. 18th Int’l Conf. Adv. Info. Networking and Appln., pp. 406–413 (2004)
  19. Gao, Z., Ansari, N.: A practical and robust inter-domain marking scheme for IP traceback. Computer Networks 51(3), 732–750 (2007)
  20. Korkmaz, T., et al.: Single packet IP traceback in AS-level partial deployment scenario. Int. J. Security and Networks 2(1/2), 95–108 (2007)
  21. Castelucio, A., Ziviani, A., Salles, R.M.: An AS-level Overlay Network for IP Traceback. IEEE Network, 36–41 (2009)
  22. Carrier, B., Shields, C.: The Session Token Protocol for Forensics and Traceback. ACM Trans. on Info. System Security 7(3), 333–362 (2004)
  23. Demir, O., Ping, J., Kim, J.: Session Based Packet Marking and Auditing for Network Forensics. Int’l. Journal of Digital Evidence 6(1), 1–15 (2007)
  24. Cohen, M.I.: Source attribution for network address translated forensic captures. Digit. Investig. 5(3-4), 138–145 (2009)


© 2011 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Pilli, E.S., Joshi, R.C., Niyogi, R. (2011). An IP Traceback Model for Network Forensics. In: Baggili, I. (ed.) Digital Forensics and Cyber Crime. ICDF2C 2010. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 53. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-19513-6_11

  • DOI: https://doi.org/10.1007/978-3-642-19513-6_11
  • Publisher Name: Springer, Berlin, Heidelberg
  • Print ISBN: 978-3-642-19512-9
  • Online ISBN: 978-3-642-19513-6
  • eBook Packages: Computer Science (R0)