RPDT: An Architecture for IP Traceback in Partial Deployment Scenario

Li, Congzhou; Hu, Fei; Du, Xuehui

doi:10.1109/iccc47050.2019.9064353

Cited by 1 publication

(1 citation statement)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Ling et al proposed a method to alter the TCP flow control messages server-side switches of the Software-Defined Networking (SDN) networks to trace the source [39]. Li et al developed a log-based IP traceback architecture suitable for partial deployment scenario in ISP level [40] Thus, Baba et al [41] used the data link layer to trace back the source of attackers. However, this method traces back only to the edge router closest to the attacker and not to the location of the device that launched the attack.…”

Section: Introductionmentioning

confidence: 99%

Hybrid Multilayer Network Traceback to the Real Sources of Attack Devices

et al. 2020

View full text Add to dashboard Cite

In recent years, multiple connected devices and diversified network services have made the Internet an indispensable part of people's daily lives. As a result, copious valuable or personal data are stored online, attracting many malicious attackers and causing serious security threats. However, because attackers can conceal their actual attack locations by spoofing IP addresses, law enforcement cannot easily track them. Therefore, a method to trace stealth attacks is required. However, the traceback methods detailed in other studies all possess disadvantages. For example, they can only trace the attacker's edge router and cannot traceback to the actual device that launched the attack. In an environment where the core network includes a switch, several current IP traceback methods cannot correctly traceback the true attacker. Conventional IP traceback methods that traceback only attackers on the network layer and cannot infer the path information of a packet traversing the switch. This paper proposes a method to simultaneously traceback attack sources at the network layer and the data link layer. Using the method proposed in this paper, only a single packet is required to traceback the source of a stealth attack. Even if the core network contains a switch or if multiple attackers launch attacks from different locations, the method can correctly traceback the true devices responsible for the attacks, and its achievements include a zero false negative rate and a low false positive rate.

show abstract

Section: Introductionmentioning

confidence: 99%