A denial-of-service (DoS) / distributed-denial-of-service (DDoS) attack may result in rapid resource depletion along the attack path. For stepping-stone and masquerading techniques typically used in DoS/DDoS attacks, such as Internet Protocol (IP) or Media Access Control (MAC) address spoofing, tracing the intrusion back to the true attacker becomes a challenging task for network security engineers. Although the Internet Engineering Task Force (IETF) has proposed an Internet Control Message Protocol (ICMP) based Traceback solution, it faces severe difficulties in practice with regard to justifying the interoperability of deployed routers as well as the correctness of Traceback with multiple attack paths. This research proposes a novel approach, named MIB-ITrace-CP, that embeds the essence of a management information base (MIB) into iTrace messages in order to improve the accuracy and efficiency of the original ICMP-based Traceback. Through our implementations on a platform, we validated our approach and demonstrated the feasibility of practical network forensics.

DoS/DDoS attacks constitute one of the major classes of security threats in the Internet today. The attackers usually use IP spoofing to conceal their real location. The current Internet protocols and infrastructure do not provide intrinsic support to trace back the real attack sources. The objective of IP Traceback is to determine the real attack sources, as well as the full path taken by the attack packets. Different traceback methods have been proposed, such as IP logging, IP marking and IETF ICMP Traceback (ITrace). In this paper, we propose an enhancement to the ICMP Traceback approach, called ICMP Traceback with Cumulative Path (ITrace-CP). The enhancement consists in encoding the entire attack path information in the ICMP Traceback message. Analytical and simulation studies have been performed to evaluate the performance improvements. We demonstrated that our enhanced solution provides faster construction of the attack graph, with only a marginal increase in computation, storage and bandwidth.