A Low-Storage Precise IP Traceback Technique Based on Packet Marking and Logging

Fadel, Magdy M.; El-Desoky, Ali I.; Haikel, Amira Y.; Labib, Labib M.

doi:10.1093/comjnl/bxw011

Cited by 7 publications

(5 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The network supervision department are concerned about its own storage overhead, but not about the storage overheads of traceback service providers. According to [18], by pairwise comparison of B2,i (1≤i≤3), the weight vector of single hierarchical arrangement, that B2,i (1≤i≤3) is relative to B2, is (2,2) = [0.0909 0.0909 0.8182] T (3) According to [18] and Fig. 2, the weight vectors of single hierarchical arrangement, that the 3 rd level is relative to B1 of the 2 nd level, is According to [18] and Fig.…”

Section: Evaluation On 4 Traceback Methodsmentioning

confidence: 99%

AEMT: An Analytic Hierarchy Process-based Evaluation Model for IP Traceback

2021

Proceedings of 2021 the 11th International Workshop on Computer Science and Engineering

View full text Add to dashboard Cite

Distributed denial of service attacks continue to pose major threats to the Internet. Attackers often forge source addresses to escape detection, how to effectively trace the attackers back is an important issue of Internet security. Researchers have proposed various IP traceback schemes, but for these schemes, there exist some shortcomings in the aspects of computation overhead, storage overhead, traceback accuracy, traceback time and so on. Furthermore, in the field of IP traceback, comparisons among different IP traceback methods are mainly ones of multiple evaluation indexes one by one, and there does not exist an evaluation model (or an evaluation method) to comprehensively evaluate different schemes. The paper has proposed an analytic hierarchy process-based evaluation model for IP traceback (AEMT). Subsequently, the paper takes the network supervision department (an evaluator) and selecting a method under all scenes for the random deployment (a model target) for example, and applies AEMT to evaluate four typical traceback methods based on unified simulation experiments. In the end, the evaluation result conforms to the design and application characteristics of traceback methods. AEMT can supply the traceback field with an evaluation model, which can comprehensively quantitatively evaluate different traceback schemes.

show abstract

Section: Evaluation On 4 Traceback Methodsmentioning

confidence: 99%

AEMT: An Analytic Hierarchy Process-based Evaluation Model for IP Traceback

2021

Proceedings of 2021 the 11th International Workshop on Computer Science and Engineering

View full text Add to dashboard Cite

show abstract

“…At the same time, the MOD server deposits the IP address of the request router and the assigned marks, which are used to identify the IP addresses of the attack sources, respectively, into its MOD database. Fadel et al [42] have presented a new hybrid IP traceback framework. is framework is based on both marking and logging techniques.…”

Section: Ics Intrusion Detection Khalili and Samimentioning

confidence: 99%

ICSTrace: A Malicious IP Traceback Model for Attacking Data of the Industrial Control System

Xiao

Chen

et al. 2021

Security and Communication Networks

View full text Add to dashboard Cite

Considering that the attacks against the industrial control system are mostly organized and premeditated actions, IP traceback is significant for the security of the industrial control system. Based on the infrastructure of the internet, we have developed a novel malicious IP traceback model, ICSTrace, without deploying any new services. The model extracts the function codes and their parameters from the attack data according to the format of the industrial control protocol and employs a short sequence probability method to transform the function codes and their parameters into a vector, which characterizes the attack pattern of malicious IP addresses. Furthermore, a partial seeded K-means algorithm is proposed for the pattern’s clustering, which helps in tracing the attacks back to an organization. ICSTrace is evaluated based on the attack data captured by the large-scale deployed honeypots for the industrial control system, and the results demonstrate that ICSTrace is effective on malicious IP traceback in the industrial control system.

show abstract

“…At the same time, the MOD server deposits the IP address of the request router and the assigned marks, which are used to identify the IP addresses of the attack sources respectivelyinto its MOD database. Fadel et al [14] have presented a new hybrid IP traceback framework. This framework is based on both marking and logging techniques.…”

Section: Ip Tracebackmentioning

confidence: 99%

ICSTrace: A Malicious IP Traceback Model for Attacking Data of Industrial Control System

Xiao

Xu²

2019

Preprint

View full text Add to dashboard Cite

Considering the attacks against industrial control system are mostly organized and premeditated actions, IP traceback is significant for the security of industrial control system. Based on the infrastructure of the Internet, we have developed a novel malicious IP traceback model-ICSTrace, without deploying any new services. The model extracts the function codes and their parameters from the attack data according to the format of industrial control protocol, and employs a short sequence probability method to transform the function codes and their parameter into a vector, which characterizes the attack pattern of malicious IP addresses. Furthermore, a Partial Seeded K-Means algorithm is proposed for the pattern's clustering, which helps in tracing the attacks back to an organization. ICSTrace is evaluated basing on the attack data captured by the large-scale deployed honeypots for industrial control system, and the results demonstrate that ICSTrace is effective on malicious IP traceback in industrial control system.

show abstract

A Low-Storage Precise IP Traceback Technique Based on Packet Marking and Logging

Cited by 7 publications

References 15 publications

AEMT: An Analytic Hierarchy Process-based Evaluation Model for IP Traceback

AEMT: An Analytic Hierarchy Process-based Evaluation Model for IP Traceback

ICSTrace: A Malicious IP Traceback Model for Attacking Data of the Industrial Control System

ICSTrace: A Malicious IP Traceback Model for Attacking Data of Industrial Control System

Contact Info

Product

Resources

About