
    Effectiveness of Advanced and Authenticated Packet Marking Scheme for Trace back of Denial of Service Attacks

    Advanced and Authenticated Packet Marking (AAPM) is one of the packet marking schemes proposed for the traceback of Denial of Service (DoS) attacks. AAPM uses hash functions to reduce the storage space needed to encode router information in the IP header. In this paper we take the attacker's perspective and analyze the effect of inserting fake edges against AAPM. Because the AAPM marking field can be spoofed, an attacker who inserts fake edges (corrupting the marking field) in the packets can impede traceback. We show that by inserting fake edges the attacker can increase the distance the victim infers between itself and the attack source. The attacker can therefore make it appear to the victim that the attack was launched from a node farther away than it actually was, and so preserve his anonymity.
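    The distance-inflation effect described in the abstract above can be reproduced with a small simulation. This is an added example, not code from the paper: it uses a simplified probabilistic edge-sampling marking field (a stand-in for AAPM's marking, not AAPM itself), a constructed four-router path, a marking probability of 0.2 and a forged edge X1->X2 carried by the attacker with a pre-set distance of 3, all of which are assumptions. Routers overwrite the mark with probability p and otherwise only increment the distance, so any packet that no router happens to mark reaches the victim still carrying the forged edge, now with a distance of 7 on a path that is really 4 hops long.

```python
import random
from collections import Counter

# Constructed attacker-to-victim router path (assumption, not from the paper).
PATH = ["R1", "R2", "R3", "R4"]
# Marking field as carried in the packet: (start, end, distance).
EMPTY_MARK = (None, None, 0)


def mark_at_routers(mark, path, p, rng):
    """Probabilistic edge sampling along `path`.

    Each router overwrites the mark with its own address and distance 0 with
    probability p; otherwise it completes the edge if the distance is still 0
    and increments the distance. Nothing here authenticates what the packet
    already carried, which is the weakness the attacker exploits.
    """
    start, end, dist = mark
    for router in path:
        if rng.random() < p:
            start, end, dist = router, None, 0
        else:
            if dist == 0 and start is not None:
                end = router
            dist += 1
    return (start, end, dist)


def collect_marks(n_packets, p, initial_mark=EMPTY_MARK, seed=1):
    """Marks the victim receives over n_packets packets, as a Counter.

    initial_mark is what the attacker places in the field before sending;
    an honest host leaves it empty, a spoofing attacker pre-loads a fake edge.
    """
    rng = random.Random(seed)
    marks = Counter()
    for _ in range(n_packets):
        m = mark_at_routers(initial_mark, PATH, p, rng)
        if m[0] is not None:          # packets nobody marked are ignored
            marks[m] += 1
    return marks


def farthest_edge(marks):
    """The edge the victim believes lies farthest away (largest distance)."""
    return max(marks, key=lambda m: m[2])


if __name__ == "__main__":
    honest = collect_marks(500, p=0.2)
    faked = collect_marks(500, p=0.2, initial_mark=("X1", "X2", 3))
    print("honest, farthest edge:", farthest_edge(honest))   # a real edge at distance 3
    print("faked,  farthest edge:", farthest_edge(faked))    # ("X1", "X2", 7)
```

The genuine edges are still present in the faked run, so the victim cannot simply discard the farthest one; it has to accept that the reconstructed path contains unverifiable edges beyond the true origin.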

    Network domain entrypoint/path determination for DDoS attacks


    A Novel IP Traceback Scheme for Spoofing Attack

    As the Internet has been applied in more and more fields, network security issues have multiplied and attracted attention. Adversaries often hide themselves by spoofing their own IP addresses and then launching attacks. For this reason, researchers have proposed many traceback schemes to find the source of such attacks. Some use only one packet in their packet logging schemes to achieve IP tracking. Others combine packet marking with packet logging, creating hybrid IP traceback schemes that demand less storage but require a longer search. In this paper, we propose a new hybrid IP traceback scheme with efficient packet logging that aims to have a fixed storage requirement at each router for packet logging, without the need to refresh the logged tracking information, and to achieve zero false positive and false negative rates in attack-path reconstruction.

    Reviewing Technological Solutions of Source Address Validation

    It is essential to know the true source IP address of a packet in order to prevent IP spoofing attacks, which masquerade the sender's identity. If there were a way to trace back the origin of massive DDoS attacks, we could find the parties responsible for the incidents and prevent future attacks by blocking them. Unfortunately, the original TCP/IP stacks do not require a real source IP address in order to forward packets to their destination. Malicious attackers can modify the source IP address to hide their identity and still deliver fraudulent packets to the victim. One of the critical features of the next-generation Internet is a secure Internet that provides trust between participants and protects the privacy of individuals. In this paper, we review the various approaches to source address validation (SAV). Many new methods have been proposed, but no single one provides a comprehensive solution to this issue. Privacy is also a critical concern when the true identity is available on the network.
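    As an added example (not from the paper under review), the three source address validation checks a provider edge router can apply, written against a constructed forwarding table: strict unicast RPF, loose unicast RPF and a static BCP 38 ingress ACL. The interface names, prefixes and sample packets are assumptions. The samples show why no single mechanism is comprehensive: a source spoofed from a neighbouring customer's prefix passes loose uRPF because a route to it exists, and only strict uRPF or the static ACL drops it, while strict uRPF cannot be used on an upstream link where return routes are asymmetric.

```python
import ipaddress

# Constructed FIB of a provider edge router (assumption, not from the paper):
# destination prefix -> interface through which that prefix is reached.
FIB = {
    ipaddress.ip_network("203.0.113.0/24"): "cust-A",
    ipaddress.ip_network("198.51.100.0/24"): "cust-B",
    ipaddress.ip_network("0.0.0.0/0"): "upstream",       # default route
}

# Constructed per-customer source prefixes for BCP 38 style ingress filtering.
CUSTOMER_PREFIXES = {
    "cust-A": [ipaddress.ip_network("203.0.113.0/24")],
    "cust-B": [ipaddress.ip_network("198.51.100.0/24")],
}


def route_lookup(fib, addr):
    """Longest-prefix match on the FIB; returns the egress interface or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for net, iface in fib.items():
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def strict_urpf(fib, src, ingress):
    """Strict uRPF: accept only if the best route back to src leaves through the
    interface the packet arrived on. Breaks under asymmetric routing, so it is
    normally enabled on single-homed customer ports, not on upstream links."""
    return route_lookup(fib, src) == ingress


def loose_urpf(fib, src):
    """Loose uRPF: accept if any non-default route to src exists. Catches bogons
    and unallocated space only; a spoofed address that is routed anywhere passes."""
    ip = ipaddress.ip_address(src)
    return any(ip in net for net in fib if net.prefixlen > 0)


def ingress_acl(iface, src):
    """BCP 38 ingress filter: a customer port may only source its own prefixes.
    Returns None when no ACL is configured for the interface."""
    allowed = CUSTOMER_PREFIXES.get(iface)
    if allowed is None:
        return None
    ip = ipaddress.ip_address(src)
    return any(ip in net for net in allowed)


def validate(fib, src, ingress):
    """Run all three checks on one packet and report each verdict."""
    return {
        "strict_urpf": strict_urpf(fib, src, ingress),
        "loose_urpf": loose_urpf(fib, src),
        "ingress_acl": ingress_acl(ingress, src),
    }


if __name__ == "__main__":
    # Constructed sample packets as (source address, ingress interface).
    samples = [
        ("203.0.113.10", "cust-A"),   # legitimate customer traffic
        ("198.51.100.10", "cust-A"),  # spoofing a neighbouring customer's prefix
        ("10.0.0.1", "cust-A"),       # private / bogon source
        ("203.0.113.10", "upstream"), # our own prefix arriving from the outside
    ]
    for src, iface in samples:
        print(f"{src:>14} on {iface:<8} -> {validate(FIB, src, iface)}")
```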

    Locating Network Domain Entry and Exit point/path for DDoS Attack Traffic

    A method to determine the entry and exit points or paths of DDoS attack traffic flows into and out of network domains is proposed. We observe the valid source addresses seen by routers in sampled traffic under non-attack conditions. Under attack conditions, we detect route anomalies by determining which routers have been used for unknown source addresses, and use these to construct the attack paths. We consider deployment issues and show results from simulations to demonstrate the feasibility of our scheme. We then implement our traceback mechanism in C++ and conduct more realistic experiments. The experiments show that accurate results are achieved with a high traceback speed of a few seconds. Compared to existing techniques, our approach is non-intrusive, requiring no changes to Internet routers or data packets. Precise information about the attack is not required, allowing a wide variety of DDoS attack detection techniques to be used. The victim is also relieved of the traceback task during an attack. The scheme is simple and efficient, allowing fast traceback, and scalable owing to the distribution of the processing workload. © 2009 IEEE.
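    As an added example (not the paper's C++ implementation), the baseline-and-anomaly step of the scheme above in Python: learn the source prefixes each router normally sees from non-attack samples, then during an attack flag the routers carrying sources outside their baseline and chain the flagged routers along the domain topology to obtain the entry point and the attack path. The topology, the sampled (router, source) pairs, the /24 aggregation and the 50% flagging threshold are all assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed domain topology (assumption): each router's next hop towards the
# victim-facing egress router R3, which has no further hop inside the domain.
NEXT_HOP = {"R1": "R2", "R4": "R2", "R2": "R3", "R3": None}

# Constructed sampled traffic as (router, source) pairs. Under normal conditions
# R1 carries 10.1.0.0/24, R4 carries 10.4.0.0/24, and R2/R3 carry both.
BASELINE_SAMPLES = [
    ("R1", "10.1.0.5"), ("R1", "10.1.0.9"),
    ("R4", "10.4.0.7"), ("R4", "10.4.0.8"),
    ("R2", "10.1.0.5"), ("R2", "10.4.0.7"),
    ("R3", "10.1.0.9"), ("R3", "10.4.0.8"),
]
# During the attack, spoofed sources enter at R1 and transit R2 and R3; R4 is clean.
ATTACK_SAMPLES = [
    ("R1", "198.51.100.1"), ("R1", "198.51.100.2"), ("R1", "198.51.100.3"), ("R1", "10.1.0.5"),
    ("R2", "198.51.100.1"), ("R2", "198.51.100.2"), ("R2", "198.51.100.3"), ("R2", "10.4.0.7"),
    ("R3", "198.51.100.1"), ("R3", "198.51.100.2"), ("R3", "198.51.100.3"), ("R3", "10.1.0.9"),
    ("R4", "10.4.0.7"), ("R4", "10.4.0.8"),
]


def prefix_of(addr, length=24):
    """Aggregate a source address to its /length prefix so the baseline also
    covers hosts that were not individually seen during sampling."""
    return ipaddress.ip_network(f"{addr}/{length}", strict=False)


def build_baseline(samples, length=24):
    """router -> set of source prefixes observed under non-attack conditions."""
    known = defaultdict(set)
    for router, src in samples:
        known[router].add(prefix_of(src, length))
    return known


def unknown_ratios(known, samples, length=24):
    """router -> fraction of sampled sources outside that router's baseline."""
    counts = defaultdict(lambda: [0, 0])          # router -> [unknown, total]
    for router, src in samples:
        counts[router][1] += 1
        if prefix_of(src, length) not in known.get(router, set()):
            counts[router][0] += 1
    return {r: unknown / total for r, (unknown, total) in counts.items()}


def hops_to_egress(router, next_hop):
    hops = 0
    while next_hop[router] is not None:
        router = next_hop[router]
        hops += 1
    return hops


def attack_path(known, samples, next_hop, threshold=0.5, length=24):
    """Flag routers whose unknown-source share reaches the threshold, take the
    flagged router farthest from the egress as the domain entry point, and
    follow next hops from it, keeping only flagged routers, to form the path."""
    ratios = unknown_ratios(known, samples, length)
    flagged = {r for r, x in ratios.items() if x >= threshold}
    if not flagged:
        return None, []
    entry = max(flagged, key=lambda r: hops_to_egress(r, next_hop))
    path, r = [], entry
    while r is not None:
        if r in flagged:
            path.append(r)
        r = next_hop[r]
    return entry, path


if __name__ == "__main__":
    known = build_baseline(BASELINE_SAMPLES)
    print("unknown ratios:", unknown_ratios(known, ATTACK_SAMPLES))
    print("entry, path:", attack_path(known, ATTACK_SAMPLES, NEXT_HOP))
```

The baseline is built from sampled traffic only, so the threshold has to absorb sampling noise and legitimate new prefixes; setting it too low turns every routing change into a false entry point, which is the deployment trade-off the abstract refers to.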

    A Logarithmic and Exponentiation Based IP Traceback Scheme with Zero Logging and Storage Overhead

    IP spoofing is the sending of Internet Protocol (IP) packets with a forged source IP address to conceal the identity of the sender. A Denial-of-Service attack is an attempt to make a machine unavailable to its intended users; it employs IP spoofing to flood the victim with overwhelming traffic, bringing it down. To prevent such attacks, it is essential to find the real source of the traffic. IP traceback is a technique for reliably determining the true origin of a packet. Here, a marking algorithm and a traceback algorithm are proposed that use logarithms and exponentiation respectively. The time required for marking and traceback has been evaluated and compared with state-of-the-art techniques, and the percentage increase in marking information in the proposed system is found to be very small. It is also demonstrated that the proposed system does not require logging at any intermediate router, giving zero logging and storage overhead. The system also provides 100% traceback accuracy.

    An Enhanced IP Trace Back Mechanism by using Particle Swarm System

    The Internet is the most powerful medium to date, facilitating varied services for numerous users. It has also become the environment for cyber warfare, where attacks of many kinds (financial, ideological, revenge) are launched. "Network forensics is a sub-branch of digital forensics relating to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection." Cloud storage is a service in which data is remotely maintained, managed and backed up. The service is available to users over a network, usually the Internet, and lets users store files online so that they can access them from any location; the provider keeps the uploaded files on an external server. In this paper, a novel digital network forensic investigation method is proposed. It changes the analysis and investigation stage of network forensics. The investigation of a case is based on the previous data-collecting framework: spoofed IP addresses are classified by that framework, and the enhanced IP traceback mechanism based on a particle swarm system then traces the real victim of the case.