Improving the precision and efficiency of log-based IP packet traceback

Egon Hilgenstieler, Elias P. Duarte, Glenn Mansfield-Keeni, Norio Shiratori

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

    4 Citations (Scopus)

    Abstract

    As the Internet Protocol (IP) does not ensure the authenticity of packets, it is sometimes necessary to discover or to confirm the real source of a packet received from the Internet. Examples of these situations include tracking down the host from which an attack was launched. In this work we propose a new architecture for IPPT (IP Packet Tracing) based on the traditional concept of keeping traffic logs stored in Bloom filters. The proposed architecture returns an attack graph that precisely identifies the route traversed by a given packet allowing the correct identification of the attacker. We show that previously published approaches may return misleading attack graphs in some particular situations, which may even avoid the determination of the real attacker. The proposed architecture has two other features that improve the efficiency of the returned attack graph: separate logs are kept for each router interface improving the distributed search procedure; an efficient dynamic log paging strategy is proposed. The communication among the system's components preserves the confidentiality of the packet's information. The architecture was implemented and experimental results are presented.

    Original language: English
    Title of host publication: GLOBECOM - IEEE Global Telecommunications Conference
    Pages: 1823-1827
    Number of pages: 5
    DOIs: https://doi.org/10.1109/GLOCOM.2007.351
    Publication status: Published - 2007
    Event: 50th Annual IEEE Global Telecommunications Conference, GLOBECOM 2007 - Washington, DC
    Duration: 2007 Nov 26 to 2007 Nov 30

    Other

    Other: 50th Annual IEEE Global Telecommunications Conference, GLOBECOM 2007
    City: Washington, DC
    Period: 07/11/26 to 07/11/30

    Fingerprint

    Internet protocols
    Routers
    Internet
    Communication

    ASJC Scopus subject areas

    • Engineering(all)

    Cite this

    Hilgenstieler, E., Duarte, E. P., Mansfield-Keeni, G., & Shiratori, N. (2007). Improving the precision and efficiency of log-based IP packet traceback. In GLOBECOM - IEEE Global Telecommunications Conference (pp. 1823-1827). [4411261] https://doi.org/10.1109/GLOCOM.2007.351

    @inproceedings{fe75f84b6046409e8b99f1e5dad93986,
    title = "Improving the precision and efficiency of log-based IP packet traceback",
    abstract = "As the Internet Protocol (IP) does not ensure the authenticity of packets, it is sometimes necessary to discover or to confirm the real source of a packet received from the Internet. Examples of these situations include tracking down the host from which an attack was launched. In this work we propose a new architecture for IPPT (IP Packet Tracing) based on the traditional concept of keeping traffic logs stored in Bloom filters. The proposed architecture returns an attack graph that precisely identifies the route traversed by a given packet allowing the correct identification of the attacker. We show that previously published approaches may return misleading attack graphs in some particular situations, which may even avoid the determination of the real attacker. The proposed architecture has two other features that improve the efficiency of the returned attack graph: separate logs are kept for each router interface improving the distributed search procedure; an efficient dynamic log paging strategy is proposed. The communication among the system's components preserves the confidentiality of the packet's information. The architecture was implemented and experimental results are presented.",
    author = "Egon Hilgenstieler and Duarte, {Elias P.} and Glenn Mansfield-Keeni and Norio Shiratori",
    year = "2007",
    doi = "10.1109/GLOCOM.2007.351",
    language = "English",
    isbn = "1424410436",
    pages = "1823--1827",
    booktitle = "GLOBECOM - IEEE Global Telecommunications Conference",

    }
