41 research outputs found

    An Enhanced IP Trace Back Mechanism by using Particle Swarm System

    Internet is the most powerful medium as on date, facilitating varied services to numerous users. It has also become the environment for cyber warfare where attacks of many types (financial, ideological, revenge) are being launched. "Network forensics is a sub-branch of digital forensics relating to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection." Cloud Storage is a service where data is remotely maintained, managed, and backed up. The service is available to users over a network, which is usually the internet. It allows the user to store files online so that the user can access them from any location via the internet. The provider company makes them available to the user online by keeping the uploaded files on an external server. In this paper, a novel Digital Network Forensic Investigation Method is proposed. This paper will do changes in the analysis and investigation place of the network forensic. The investigation of the case will be based on the previous data collecting framework. The spoofed IP addresses are classified by the previous framework, and the Enhanced IP trace back mechanism by Particle Swarm System traces the real victim of the case in the network forensic.

    IP traceback with deterministic packet marking DPM

    In this dissertation, a novel approach to Internet Protocol (IP) Traceback - Deterministic Packet Marking (DPM) is presented. The proposed approach is scalable, simple to implement, and introduces no bandwidth and practically no processing overhead on the network equipment. It is capable of tracing thousands of simultaneous attackers during a Distributed Denial of Service (DDoS) attack. Given sufficient deployment on the Internet, DPM is capable of tracing back to the slaves for DDoS attacks which involve reflectors. Most of the processing is done at the victim. The traceback process can be performed post-mortem, which allows for tracing the attacks that may not have been noticed initially or the attacks which would deny service to the victim, so that traceback is impossible in real time. Deterministic Packet Marking does not introduce the reassembly errors usually associated with other packet marking schemes. More than 99.99% of fragmented traffic will not be affected by DPM. The involvement of the Internet service providers (ISP) is very limited, and changes to the infrastructure and operation required to deploy DPM are minimal. Deterministic Packet Marking performs the traceback without revealing the internal topology of the provider's network, which is a desirable quality of a traceback scheme.

    Mark-aided distributed filtering by using neural network for DDoS defense

    Currently Distributed Denial of Service (DDoS) attacks have been identified as one of the most serious problems on the Internet. The aim of DDoS attacks is to prevent legitimate users from accessing desired resources, such as network bandwidth. Hence the immediate task of DDoS defense is to provide as much resources as possible to legitimate users when there is an attack. Unfortunately most current defense approaches cannot efficiently detect and filter out attack traffic. Our approach is to find the network anomalies by using neural network, deploy the system at distributed routers, identify the attack packets, and then filter them. The marks in the IP header that are generated by a group of IP traceback schemes, Deterministic Packet Marking (DPM)/Flexible Deterministic Packet Marking (FDPM), assist this process of identifying attack packets. The experimental results show that this approach can be used to defend against both intensive and subtle DDoS attacks, and can catch DDoS attacks' characteristic of starting from multiple sources to a single victim. According to results, we find the marks in IP headers can enhance the sensitivity and accuracy of detection, thus improve the legitimate traffic throughput and reduce attack traffic throughput. Therefore, it can perform well in filtering DDoS attack traffic precisely and effectively.

    Development of Internet Protocol Traceback Scheme for Detection of Denial-of-Service Attack

    To mitigate the challenges that Flash Event (FE) poses to IP-Traceback techniques, this paper presents an IP Traceback scheme for detecting the source of a DoS attack based on Shark Smell Optimization Algorithm (SSOA). The developed model uses a discrimination policy with the hop-by-hop search. Random network topologies were generated using the WaxMan model in NS2 for different simulations of DoS attacks. Discrimination policies used by SSOA-DoSTBK for the attack source detection in each case were set up based on the properties of the detected attack packets. SSOA-DoSTBK was compared with a number of IP Traceback schemes for DoS attack source detection in terms of their ability to discriminate FE traffics from attack traffics and the detection of the source of Spoofed IP attack packets. SSOA-DoSTBK IP traceback scheme outperformed ACS-IPTBK that it was benchmarked with by 31.8%, 32.06%, and 28.45% lower FER for DoS only, DoS with FE, and spoofed DoS with FE tests respectively, and 4.76%, 11.6%, and 5.2% higher performance in attack path detection for DoS only, DoS with FE, and Spoofed DoS with FE tests, respectively. However, ACS-IPTBK was faster than SSOA-DoSTBK by 0.4%, 0.78%, and 1.2% for DoS only, DoS with FE, and spoofed DoS with FE tests, respectively. Keywords: DoS Attacks Detection, Denial-of-Service, Internet Protocol, IP Traceback, Flash Event, Optimization Algorithm

    Internet Deployment of DPM-based IP Traceback

    In this article, we introduce the Internet deployment guidelines for Deterministic Packet Marking (DPM) - a novel IP traceback method. Unlike other packet marking schemes, DPM cannot be deployed sporadically on the Internet. Therefore, in order to perform the traceback, a structured way of deployment is needed. Related to topology and deployment issues, discussion comparing the features of other full path schemes and ingress packet filtering to those of DPM is also presented

    An approach in identifying and tracing back spoofed IP packets to their sources

    With internet expanding in every aspect of businesses infrastructure, it becomes more and more important to make these businesses infrastructures safe and secure to the numerous attacks perpetrated on them conspicuously when it comes to denial of service (DoS) attacks. A DoS attack can be summarized as an effort carried out by either a person or a group of individuals to suppress a particular outline service. This can hence be achieved by using and manipulating packets which are sent out using the IP protocol included into the IP address of the sending party. However, one of the major drawbacks is that the IP protocol is not able to verify the accuracy of the address and has got no method to validate the authenticity of the sender's packet. Knowing how this works, an attacker can hence fabricate any source address to gain unauthorized access to critical information. In the event that attackers can manipulate this lacking for numerous targeted attacks, it would be wise and safe to determine whether the network traffic has got spoofed packets and how to traceback. IP traceback has been quite active specially with the DoS attacks, therefore this paper will be focusing on the different types of attacks involving spoofed packets and also numerous methods that can help in identifying whether packets have spoofed source addresses based on both active and passive host based methods and on the router-based methods.

    IP Traceback Techniques -A Selective Survey

    Since many years Internet has been used broadly in several fields, network security problems are the major concern. A literature survey is carried out in this context to explore different IP Traceback techniques. This paper presents several techniques to perform IP Traceback. The pros and cons of each technique are explained briefly in this paper.