Extensions to the source path isolation engine for precise and efficient log-based IP traceback

Egon Hilgenstieler, Elias P. Duarte, Glenn Mansfield-Keeni, Norio Shiratori

    研究成果: Article

    21 引用 (Scopus)

    抜粋

    IP traceback is used to determine the source and path traversed by a packet received from the Internet. In this work we first show that the Source Path Isolation Engine (SPIE), a classical log-based IP traceback system, can return misleading attack graphs in some particular situations, which may even make it impossible to determine the real attacker. We show that by unmasking the TTL field SPIE returns a correct attack graph that precisely identifies the route traversed by a given packet allowing the correct identification of the attacker. Nevertheless, an unmasked TTL poses new challenges in order to preserve the confidentiality of the communication among the system's components. We solve this problem presenting two distributed algorithms for searching across the network overlay formed by the packet log bases. Two other extensions to SPIE are proposed that improve the efficiency of source discovery: separate logs are kept for each router interface improving the distributed search procedure; an efficient dynamic log paging strategy is employed, which is based on the actual capacity factor instead of the fixed time interval originally employed by SPIE. The system was implemented and experimental results are presented.

    元の言語English
    ページ(範囲)383-392
    ページ数10
    ジャーナルComputers and Security
    29
    発行部数4
    DOI
    出版物ステータスPublished - 2010 6

    ASJC Scopus subject areas

    • Computer Science(all)
    • Law

    フィンガープリント Extensions to the source path isolation engine for precise and efficient log-based IP traceback' の研究トピックを掘り下げます。これらはともに一意のフィンガープリントを構成します。

  • これを引用