ABSTRACT
The increasing number of digital crimes raises the need for investigation, in which the most critical step is to collect evidence of the attack and find its real origin. However, an attacker can easily spoof the source IP address, so the source IP address in the IP header of a packet cannot be considered evidence against the attacker. Traceback-based network forensics is the category of techniques that can be used to accurately identify the source of an attack. An up-to-date analysis is required to construct new methods for finding the exact source. The detailed issues and challenges in identifying the source are investigated and discussed in this paper.
Index Terms
- Unmasking of source identity, a step beyond in cyber forensic