ABSTRACT
Address spoofing is a thorny problem encountered in the development of the Internet. The governance of address spoofing attacks includes tracking the location of the attacker in response to subsequent attacks. In this article, based on in-band telemetry, we propose a backtracking scheme for address spoofing flows, design a telemetry header for recording the forwarding path, and provide a fine-grained backtracking function embedded in the telemetry header. We analyze the throughput of each network from the telemetry data and make an initial prediction of the source of address spoofing. We conducted experiments to test the feasibility and accuracy of telemetry traceability, and analyzed the overhead of the fine-grained traceability mechanism. Experiments show that our method incurs low overhead while ensuring traceability and accuracy.
Index Terms
- In-band Network Telemetry Based Fine-Grained Traceability Against IP Address Spoofing Attack