Extensions to the source path isolation engine for precise and efficient log-based IP traceback

Egon Hilgenstieler, Elias P. Duarte*, Glenn Mansfield-Keeni, Norio Shiratori


    研究成果: Article査読

    25 被引用数 (Scopus)


    IP traceback is used to determine the source and path traversed by a packet received from the Internet. In this work we first show that the Source Path Isolation Engine (SPIE), a classical log-based IP traceback system, can return misleading attack graphs in some particular situations, which may even make it impossible to determine the real attacker. We show that by unmasking the TTL field SPIE returns a correct attack graph that precisely identifies the route traversed by a given packet allowing the correct identification of the attacker. Nevertheless, an unmasked TTL poses new challenges in order to preserve the confidentiality of the communication among the system's components. We solve this problem presenting two distributed algorithms for searching across the network overlay formed by the packet log bases. Two other extensions to SPIE are proposed that improve the efficiency of source discovery: separate logs are kept for each router interface improving the distributed search procedure; an efficient dynamic log paging strategy is employed, which is based on the actual capacity factor instead of the fixed time interval originally employed by SPIE. The system was implemented and experimental results are presented.

    ジャーナルComputers and Security
    出版ステータスPublished - 2010 6月

    ASJC Scopus subject areas

    • コンピュータ サイエンス(全般)
    • 法学


    「Extensions to the source path isolation engine for precise and efficient log-based IP traceback」の研究トピックを掘り下げます。これらがまとまってユニークなフィンガープリントを構成します。