MIB-ITrace-CP: An Improvement of ICMP-Based Traceback Efficiency in Network Forensic Analysis

Abstract : A denial-of-service (DoS) / distributed-denial-of-service (DDoS) attack may result in rapid resource depletion along the attack path. For stepping-stone and masquerading techniques typically used in DoS/DDoS attacks such as internet protocol (IP) or Media Access Control (MAC) address spoofing, tracing the intrusion back to the true attacker becomes a challenging task for network security engineers. Although the Internet Engineer Task Force (IETF) has proposed an Internet Control Message Protocol (ICMP) based Traceback solution, it faces severe difficulties in practice in regard to justifying the interoperability of deployed routers as well as the correctness of Traceback with multiple attack paths. This research proposes a novel approach to embed the essence of a management information base (MIB) into iTrace messages, named MIB-ITrace-CP, in order to improve the accuracy and efficiency of the original ICMP-based Traceback. Through our implementations on a Testbed@TWISC platform, we validated our approach and demonstrated the feasibility of practical network forensics.
Type de document :
Communication dans un congrès
James J. Park; Albert Zomaya; Sang-Soo Yeo; Sartaj Sahni. 9th International Conference on Network and Parallel Computing (NPC), Sep 2012, Gwangju, South Korea. Springer, Lecture Notes in Computer Science, LNCS-7513, pp.101-109, 2012, Network and Parallel Computing. 〈10.1007/978-3-642-35606-3_12〉
Liste complète des métadonnées

Littérature citée [13 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01551350
Contributeur : Hal Ifip <>
Soumis le : vendredi 30 juin 2017 - 10:36:01
Dernière modification le : vendredi 1 décembre 2017 - 01:09:58

Fichier

978-3-642-35606-3_12_Chapter.p...
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Bo-Chao Cheng, Guo-Tan Liao, Ching-Kai Lin, Shih-Chun Hsu, Ping-Hai Hsu, et al.. MIB-ITrace-CP: An Improvement of ICMP-Based Traceback Efficiency in Network Forensic Analysis. James J. Park; Albert Zomaya; Sang-Soo Yeo; Sartaj Sahni. 9th International Conference on Network and Parallel Computing (NPC), Sep 2012, Gwangju, South Korea. Springer, Lecture Notes in Computer Science, LNCS-7513, pp.101-109, 2012, Network and Parallel Computing. 〈10.1007/978-3-642-35606-3_12〉. 〈hal-01551350〉

Partager

Métriques

Consultations de la notice

47

Téléchargements de fichiers

20