Skip to Main content Skip to Navigation
Conference papers

MIB-ITrace-CP: An Improvement of ICMP-Based Traceback Efficiency in Network Forensic Analysis

Abstract : A denial-of-service (DoS) / distributed-denial-of-service (DDoS) attack may result in rapid resource depletion along the attack path. For stepping-stone and masquerading techniques typically used in DoS/DDoS attacks such as internet protocol (IP) or Media Access Control (MAC) address spoofing, tracing the intrusion back to the true attacker becomes a challenging task for network security engineers. Although the Internet Engineer Task Force (IETF) has proposed an Internet Control Message Protocol (ICMP) based Traceback solution, it faces severe difficulties in practice in regard to justifying the interoperability of deployed routers as well as the correctness of Traceback with multiple attack paths. This research proposes a novel approach to embed the essence of a management information base (MIB) into iTrace messages, named MIB-ITrace-CP, in order to improve the accuracy and efficiency of the original ICMP-based Traceback. Through our implementations on a Testbed@TWISC platform, we validated our approach and demonstrated the feasibility of practical network forensics.
Document type :
Conference papers
Complete list of metadata

Cited literature [7 references]  Display  Hide  Download
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Friday, June 30, 2017 - 10:36:01 AM
Last modification on : Thursday, March 5, 2020 - 5:40:38 PM
Long-term archiving on: : Monday, January 22, 2018 - 9:11:11 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Bo-Chao Cheng, Guo-Tan Liao, Ching-Kai Lin, Shih-Chun Hsu, Ping-Hai Hsu, et al.. MIB-ITrace-CP: An Improvement of ICMP-Based Traceback Efficiency in Network Forensic Analysis. 9th International Conference on Network and Parallel Computing (NPC), Sep 2012, Gwangju, South Korea. pp.101-109, ⟨10.1007/978-3-642-35606-3_12⟩. ⟨hal-01551350⟩



Record views


Files downloads