As the Internet Protocol (IP) does not ensure the authenticity of packets, it is sometimes necessary to discover or confirm the real source of a packet received from the Internet. Examples of such situations include tracking down the host from which an attack was launched. In this work we propose a new architecture for IPPT (IP Packet Tracing) based on the traditional concept of keeping traffic logs stored in Bloom filters. The proposed architecture returns an attack graph that precisely identifies the route traversed by a given packet, allowing the correct identification of the attacker. We show that previously published approaches may return misleading attack graphs in some particular situations, which may even prevent the determination of the real attacker. The proposed architecture has two other features that improve the efficiency of the returned attack graph: separate logs are kept for each router interface, improving the distributed search procedure, and an efficient dynamic log paging strategy is proposed. The communication among the system's components preserves the confidentiality of the packet's information. The architecture was implemented and experimental results are presented.
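To make the logging idea in the abstract concrete, the following added example (not the paper's implementation) keeps one paged Bloom-filter log per router interface and answers which interface saw a given packet around a given time. The abstract does not give the paging rule, filter parameters or query format, so the "new page after `capacity` insertions" rule, the SHA-256 digest of invariant packet bytes, the filter size and all names here are assumptions.

```python
import hashlib

def packet_digest(invariant_bytes):
    # Assumption: queries carry only this hash, never the packet contents
    return hashlib.sha256(invariant_bytes).digest()

class BloomPage:  # one Bloom filter page covering the window [t_start, t_end]
    def __init__(self, t_start, m_bits=1 << 16, k=4):
        self.t_start = self.t_end = t_start
        self.m, self.k, self.count, self.bits = m_bits, k, 0, bytearray(m_bits // 8)

    def _positions(self, digest):
        for i in range(self.k):  # k bit positions from salted SHA-256
            h = hashlib.sha256(bytes([i]) + digest).digest()
            yield int.from_bytes(h[:8], "big") % self.m

    def add(self, digest, t):
        for p in self._positions(digest):
            self.bits[p // 8] |= 1 << (p % 8)
        self.count, self.t_end = self.count + 1, t

    def __contains__(self, digest):
        return all(self.bits[p // 8] >> (p % 8) & 1 for p in self._positions(digest))

class InterfaceLog:
    """Log of one router interface; opens a new page when the current one is full."""
    def __init__(self, capacity=500):
        self.capacity, self.pages = capacity, []

    def record(self, invariant_bytes, t):
        if not self.pages or self.pages[-1].count >= self.capacity:
            self.pages.append(BloomPage(t))
        self.pages[-1].add(packet_digest(invariant_bytes), t)

    def saw(self, digest, t, slack=1.0):
        # Consult only pages whose time window overlaps t +/- slack
        return any(p.t_start - slack <= t <= p.t_end + slack and digest in p for p in self.pages)

def trace_interfaces(router, digest, t):
    """Interfaces of one router whose logs contain the digest around time t."""
    return sorted(name for name, log in router.items() if log.saw(digest, t))

def build_sample_router(n=1200):
    # Constructed traffic: n distinct packets per interface, one every 10 ms
    router = {"eth0": InterfaceLog(), "eth1": InterfaceLog()}
    for name, log in router.items():
        for i in range(n):
            log.record(f"{name}-pkt-{i}".encode(), i * 0.01)
    return router
```

Because a Bloom filter can report false positives but never false negatives, keeping pages small and consulting only the pages that overlap the query time limits how many spurious interfaces a lookup can return.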
|Title of host publication||GLOBECOM - IEEE Global Telecommunications Conference|
|Publication status||Published - 2007|
|Event||50th Annual IEEE Global Telecommunications Conference, GLOBECOM 2007 - Washington, DC|
Duration: 2007 Nov 26 → 2007 Nov 30
|Other||50th Annual IEEE Global Telecommunications Conference, GLOBECOM 2007|
|Period||07/11/26 → 07/11/30|