CAPTRA: coordinated packet traceback

Published: 19 April 2006
DOI: 10.1145/1127777.1127803

Abstract

Network-based attacks can be either persistent or sporadic. Persistent attack flows can be relatively easy to trace by mechanisms such as probabilistic packet marking, traffic logging, data mining, etc. Sporadic attacks are sometimes easily detected by the Intrusion Detection Systems (IDSs) at the victims, but are hard to trace back to the attack origins. We propose CAPTRA, a CoordinAted Packet TRAceback mechanism for wireless sensor networks (WSNs) that takes advantage of the broadcast nature of packet transmissions. By remembering packets in multi-dimensional Bloom filters distributed in overhearing sensors and later retrieving the information, CAPTRA identifies the path of the packet transfers using a series of REQUEST-VERDICT-CONFESS message exchanges between the forwarding and overhearing nodes. CAPTRA requires only a small memory footprint on the sensors because it uses Bloom filters, and allows sensors to asynchronously refresh the Bloom filters so that the network traffic is continuously monitored. CAPTRA is simulated using J-Sim, and a few key parameters are tuned for the best tracing performance.

Published In

IPSN '06: Proceedings of the 5th international conference on Information processing in sensor networks
April 2006
514 pages
ISBN:1595933344
DOI:10.1145/1127777

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. bloom filter
  2. packet traceback
  3. wireless sensor networks

Qualifiers

  • Article

Conference

IPSN06

Acceptance Rates

Overall Acceptance Rate 143 of 593 submissions, 24%
