Login Register Cart 0
Generic placeholder image

Recent Advances in Computer Science and Communications

Editor-in-Chief

ISSN (Print): 2666-2558
ISSN (Online): 2666-2566

Back
Journal Home About Journal Editorial Board Current Issue Volumes/Issues
Subscribe
Research Article

IP Traceback using Flow Based Classification

Author(s): Yerram Bhavani*, Vinjamuri Janaki and Rangu Sridevi

Volume 13, Issue 3, 2020

Page: [482 - 490] Pages: 9

DOI: 10.2174/2213275912666190328200635

Price: $65

Abstract

Background: Distributed Denial of Service (DDoS) attack is a major threat over the internet. The IP traceback mechanism defends against DDoS attacks by tracing the path traversed by attack packets. The existing traceback techniques proposed till now are found with few short comings. The victim required many number of packets to trace the attack path. The requirement of a large number of packets resulted in more number of combinations and more false positives.

Methods: To generate a unique value for the IP address of the routers in the attack path Chinese Remainder theorem is applied. This helped in combining the exact parts of the IP address at the victim. We also applied K-Nearest Neighbor (KNN) algorithm to classify the packets depending on their traffic flow, this reduced the number of packets to reconstruct the attack path.

Results: The proposed approach is compared with the existing approaches and the results demonstrated that the attack graph is effectively constructed with higher precision and lower combination overhead under large scale DDoS attacks. In this approach, packets from diverse flows are separated as per flow information by applying KNN algorithm. Hence, the reconstruction procedure could be applied on each group separately to construct the multiple attack paths. This results in reconstruction of the complete attack graph with fewer combinations and false positive rate.

Conclusion: In case of DDoS attacks the reconstruction of the attack path plays a major role in revealing IP addresses of the participated routers without false positives and false negatives. Our algorithm FRS enhances the feasibility of information pertaining to even the farthest routers by incorporating a flag condition while marking the packets. The rate of false positives and false negatives are drastically reduced by the application of Chinese Remainder Theorem on the IP addresses of the router. At the victim, the application of KNN algorithm reduced the combination overhead and the computation cost enormously.

Keywords: IP traceback, chinese remainder theorem, distributed denial of service (DDoS) attack, k-nearest neighbour (KNN) algorithm, Internet, Fast Reconstruction Scheme (FRS).

Graphical Abstract

[1]
S.S.L. Pereira, J.E.B. Maia, and J.L. de Castro e Silva, "ITCM: A real time internet traffic classifier monitor", Int. J. Comput. Sci. Inf. Technol., vol. 6, no. 6, pp. 23-38, December 2014.
[2]
Y. Wang, and S. Yu, "Machine learned real-time traffic classifiers", In: IEEE 2nd International Symposium on Intelligent Information Technology Application, 2008 , pp. 449-454.
[3]
A. Asosheh, and N. Ramezani, "A comprehensive taxonomy of DDOS attacks and defense mechanism applying in a smart classification", WSEAS Trans. Comput., vol. 7, pp. 281-290, 2008.
[4]
H. Burch, and B. Cheswick, "Tracing anonymous packets to their approximate source", In: Proceedings of USENIX LISA, 2001 , pp. 319-327.
[5]
Y. Bhavani, V. Janaki, and R. Sridevi, "IP traceback through modified probabilistic packet marking algorithm", In: IEEE Region10 conference TENCON, 2013 , pp. 1565-1569.
[6]
Y. Bhavani, V. Janaki, and R. Sridevi, "“IP traceback through modified probabilistic packet marking algorithm using Chinese remainder theorem,” Ain Shams Eng. J", Elesvier, vol. 6, pp. 715-722, 2015.
[7]
S. Yu, W. Zhou, and M. Guo, "A feasible IP traceback framework through dynamic deterministic packet marking", IEEE Trans. Comput., vol. 65, pp. 1418-1427, 2016.
[8]
Y. Xiang, W. Zhou, and M. Guo, "Flexible deterministic packet marking: An IP traceback system to find the real source of attacks", IEEE Trans. Parallel Distrib. Syst., vol. 20, pp. 567-580, 2009.
[9]
S. Savage, D. Wetherall, A. Karlin, and T. Anderson, "Practical network support for IP traceback", In: Proceedings ACM SIGCOMM Conference, 2000..
[10]
A. Yaar, A. Perrig, and D. Song, "FIT: Fast internet traceback", In: Proc. IEEE Infocom., 2005..
[11]
D. Dean, M. Franklin, and A. Stubblefield, "An algebraic approach to IP traceback", ACM Trans. Inf. Syst. Secur., pp. 3-12, 2001.
[12]
A.C. Snoeren, C. Partridge, L.A. Sanchez, C.E. Jones, F. Tchakountio, and S.T. Kent, "Hash-based IP traceback", In: ACM SIGCOMM, 2001 , pp. 3-14.
[13]
D.X. Song, and A. Perrig, "Advanced and authenticated marking schemes for IP Traceback", In: IEEE Infocom, 2001 , pp. 878-886.
[14]
A.Y. Nur, and M.E. Tozal, "Record route IP traceback, combating DoS attacks and the variants", Comput. Secur., vol. 72, pp. 13-25, 2018.
[15]
Available From:, https;//tools.ietf.org/html/rfc7126#section-4.5.
[16]
A. Belenky, and N. Ansari, "IP traceback with deterministic packet marking", IEEE Commun. Lett., vol. 7, pp. 162-164, 2003.
[17]
A. Parashar, and R. Radhakrishnan, "Improved deterministic packet marking algorithm", In: 15th International Conference on Advanced Computing Technologies, 2013..
[18]
E.R. Harold, "Java Network Programming: Developing Networked Applications", O'Reilly Media, Inc., 2013..
[19]
Available From:, http://www.caida.org/data/active/ipv4_routed_24 _ topology_dataset. xml.

Rights & Permissions Print Cite
Article Metrics
3
© 2024 Bentham Science Publishers | Privacy Policy