Multilayer collaborative traceback technique based on net-flow fingerprint

To address the loop fallacy, the indeterminate serialisation of suspicious nodes and the local overload problems that arise when tracing back suspicious information sources in net-flow exchange, this paper proposes a multilayer collaborative traceback technique based on net-flow fingerprint. The traceback is divided into three layers: a controllable inter-AS layer, an intra-AS routing layer and a controllable subnet layer. Each layer is handled according to its characteristics. In the controllable inter-AS layer, suspicious paths are extracted efficiently using properties of the BGP protocol. In the intra-AS routing layer, the loop fallacy is solved by directed graph transformation, and the indeterminate serialisation of suspicious nodes is solved by a local time relationship approach. In the controllable subnet layer, precise location is achieved using forwarding tables. Moreover, the multilayer collaborative approach improves the efficiency of suspicious path extraction and reduces local overload of traceback servers without compromising the accuracy of traceback. Finally, the correctness and computational complexity of NFCMT are proved, and the feasibility and correctness of the scheme are discussed through experiments.
