Improving the precision and efficiency of log-based IP packet traceback

Egon Hilgenstieler*, Elias P. Duarte, Glenn Mansfield-Keeni, Norio Shiratori


    研究成果: Conference contribution

    5 被引用数 (Scopus)


    As the Internet Protocol (IP) does not ensure the authenticity of packets, it is sometimes necessary to discover or to confirm the real source of a packet received from the Internet Examples of these situations include tracking down the host from which an attack was launched. In this work we propose a new architecture for IPPT (IP Packet Tracing) based on the traditional concept of keeping traffic logs stored in Bloom filters. The proposed architecture returns an attack graph that precisely identifies the route traversed by a given packet allowing the correct identification of the attacker. We show that previously published approaches may return misleading attack graphs in some particular situations, which may even avoid the determination of the real attacker. The proposed architecture has two other features that improve the efficiency of the returned attack graph: separate logs are kept for each router interface improving the distributed search procedure; an efficient dynamic log paging strategy is proposed. The communication among the system's components preserves the confidentiality of the packet's information. The architecture was implemented and experimental results are presented.

    ホスト出版物のタイトルGLOBECOM - IEEE Global Telecommunications Conference
    出版ステータスPublished - 2007
    イベント50th Annual IEEE Global Telecommunications Conference, GLOBECOM 2007 - Washington, DC
    継続期間: 2007 11月 262007 11月 30


    Other50th Annual IEEE Global Telecommunications Conference, GLOBECOM 2007
    CityWashington, DC

    ASJC Scopus subject areas

    • 工学(全般)


    「Improving the precision and efficiency of log-based IP packet traceback」の研究トピックを掘り下げます。これらがまとまってユニークなフィンガープリントを構成します。