DoS/DDoS attacks constitute one of the major classes of security threats in the Internet today. The attackers usually use IP spoofing to conceal their real location. The current Internet protocols and infrastructure do not provide intrinsic support to traceback the real attack sources. The objective of IP Traceback is to determine the real attack sources, as well as the full path taken by the attack packets. Different traceback methods have been proposed, such as IP logging, IP marking and IETF ICMP Traceback (ITrace). In this paper, we propose an enhancement to the ICMP Traceback approach, called ICMP Traceback with Cumulative Path (ITrace-CP). The enhancement consists in encoding the entire attack path information in the ICMP Traceback message. Analytical and simulation studies have been performed to evaluate the performance improvements. We demonstrated that our enhanced solution provides faster construction of the attack graph, with only marginal increase in computation, storage and bandwidth.
展开▼
机译:DoS / DDoS攻击是当今Internet上主要的安全威胁类别之一。攻击者通常使用IP欺骗来隐藏其真实位置。当前的Internet协议和基础结构不提供内部支持来追溯真实的攻击源。 IP Traceback的目的是确定实际的攻击源以及攻击数据包采用的完整路径。已经提出了不同的追溯方法,例如IP日志记录,IP标记和IETF ICMP追溯(ITrace)。在本文中,我们提出了对ICMP追溯方法的增强,称为“具有累积路径的ICMP追溯”(ITrace-CP)。增强之处在于将整个攻击路径信息编码在ICMP Traceback消息中。已经进行了分析和仿真研究,以评估性能改进。我们证明了我们的增强解决方案可以更快地构建攻击图,而在计算,存储和带宽方面仅略有增加。
展开▼
