IP traceback is used to find the source of network traffic attacks. The origin of an IP packet is not authenticated, so the source IP address cannot be trusted. A time-limited, token-based authentication framework for authenticating traceback service queries is implemented. The design objective of the framework is to prevent illegitimate users from accessing traceback information, and thus to prevent network traffic attacks.
The Internet contains a huge collection of data. If data is not protected by appropriate control and security measures, it may be subjected to an attack. The most common type of network attack is the denial of service attack, in which an attacker attempts to make illegitimate use of the service. The attackers flood networks and computers with large amounts of traffic from one or more computers under their control. The main difference between a denial of service attack and a distributed denial of service attack is that a denial of service attack usually uses only one computer and one internet connection to bring down a network or service by flooding it with large amounts of traffic, whereas in a distributed denial of service attack the attackers use multiple computers and internet connections to generate the traffic.
Reactive and proactive mechanisms are the preventive measures for distributed denial of service attacks. Logging, messaging and packet marking are proactive mechanisms. IP traceback is an example of a reactive mechanism. IP traceback is the method that finds the source and path of packets. Attackers hide behind spoofed IP addresses. Traceback schemes are used both within and between autonomous systems. Cloud-based IP traceback simplifies the traceback procedure. The main aim of the proposed system is to reduce access to traceback data by unauthorized users.
There are a number of IP traceback approaches, each using a different method. IP spoofing attacks are a critical issue for the Internet. All of the approaches have advantages and disadvantages. The goal of IP traceback is to find the attack source when the source address is false. The existing traceback techniques do not provide satisfactory properties for traceback deployment.
The first approach analyzed is the probabilistic packet marking algorithm, which was proposed to solve the problem of IP traceback. The idea is that each router marks packets with a certain probability. The mark contains three fields: a start field, an end field and a distance field. These fields constitute the 16-bit identification field, which is used for packet marking. The victim uses the marked packets for further investigation. The advantage of this approach is low overhead. Its drawback is the high probability of leftover packets.
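The marking and reconstruction steps described above can be simulated as follows. This is an added example, not code from the surveyed paper; it uses the well-known edge-sampling form of probabilistic packet marking, and the router names, the marking probability 0.2 and the dictionary used in place of the packed 16-bit field are assumptions made for illustration.

```python
import random

def mark(packet, router, p, rng):
    """Marking step one router applies to one packet (edge sampling)."""
    if rng.random() < p:
        packet.update(start=router, end=None, distance=0)  # begin a new edge
    elif packet["start"] is not None:
        if packet["distance"] == 0:
            packet["end"] = router       # close the edge begun one hop upstream
        packet["distance"] += 1          # hops travelled since the mark was written

def send(path, p, rng):
    """Forward one packet along path (attacker side first); return its final mark."""
    packet = {"start": None, "end": None, "distance": None}
    for router in path:
        mark(packet, router, p, rng)
    return packet

def reconstruct(marks):
    """Victim side: order sampled edges by distance and rebuild the router path."""
    edges = {m["distance"]: (m["start"], m["end"]) for m in marks if m["start"]}
    if not edges:
        return []
    hops = range(max(edges), -1, -1)
    if any(d not in edges for d in hops):
        return None                      # a hop was never sampled: collect more packets
    chain = [edges[d] for d in hops]
    for (_, end), (nxt, _) in zip(chain, chain[1:]):
        if end != nxt:
            return None                  # edges do not join up: inconsistent marks
    return [start for start, _ in chain]

def leftover_fraction(marks):
    """Share of packets that reached the victim with no router mark at all."""
    return sum(m["start"] is None for m in marks) / len(marks)

if __name__ == "__main__":
    rng = random.Random(1)               # fixed seed so the run is repeatable
    path = ["R1", "R2", "R3", "R4"]      # constructed path, R1 nearest the attacker
    marks = [send(path, 0.2, rng) for _ in range(2000)]
    print(reconstruct(marks), round(leftover_fraction(marks), 3))
```

With four routers and a marking probability of 0.2, roughly 41% of packets arrive with no router mark; on a real network those packets carry whatever the sender placed in the identification field, which is the leftover-packet drawback noted above.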
Deterministic packet marking addresses the drawback of the probabilistic packet marking algorithm. Marking is done on all packets at ingress. The marking uses two fields: the ID field and the Reserved Flag field. When the victim has the information from these two fields, it can reconstruct the IP address. The marking procedure takes place whenever a packet enters the network. Deterministic packet marking is scalable and simple to implement. The scheme suffers from false positives, and it fails whenever the source address is spoofed.
The dynamic probabilistic packet marking scheme is a new marking scheme. Whereas the probabilistic packet marking scheme uses a certain marking probability, the dynamic scheme replaces that probability. As a result, it addresses the problem of leftover packets. In this scheme the victim can identify the true source of the attack, and no packets are left unmarked. Its advantages are that fewer attack packets are required for IP traceback and that it is efficient against distributed denial of service attacks. Its drawbacks are that it generates more markings than probabilistic packet marking and that it places a high overhead on the routers closest to the source.
Flexible deterministic packet marking is an IP traceback system used to find the true source of attacks. The length of the marking field is changed according to the requirement. Because the marking field length is flexible, the marking rate can be varied according to the traffic at the router. The scheme traces a large number of true sources with few false positives and has low resource requirements on routers. Compared with probabilistic packet marking, flexible deterministic packet marking requires less configuration.
Lightweight source authentication and path validation introduces two secure protocols, which are used for dynamically recreatable key setup, source authentication and path validation. The dynamically recreatable keys are efficient. Source authentication and path validation are provided by the origin and path trace protocol. It is a scalable, lightweight, secure protocol. With the retroactive key setup process, a router cannot know paths in advance, which prevents coward attacks.
Advanced and authenticated packet marking techniques are designed for IP traceback. Path reconstruction is efficient and more accurate in the advanced marking scheme. The authenticated packet marking scheme provides authentication of markings. These schemes allow the victim to find the origin of spoofed IP packets. The main advantage is that the scheme is efficient against spurious markings. The limitation is that routers have to perform additional functionality, which slows them down. The scheme also requires a private key for the victim and the router.
The scalable packet digesting approach for IP traceback investigates two ways of aggregating packets. The purpose of packet aggregation is to extend the time length of traceback queries. Packet aggregation consists of two parts, namely flow and source-destination set. These two parts provide lower memory requirements. Aggregated IP traceback schemes generate attack graphs, but the attack graph does not contain individual packet traceback information. For individual packet traceback, logging of packet digests is necessary.
The hash-based IP traceback system generates audit trails within the network. Each router stores a hash of the packet invariants as a 32-bit digest. A Bloom filter is a space-efficient data structure that stores the hash digests. To enable IP traceback, the Source Path Isolation Engine was developed. It consists of three components: Data Generation Agents, the Source Path Isolation Engine Collection and Reducing Agent, and the Source Path Isolation Engine Traceback Manager. This traceback system can handle fragmentation and perform single-packet traceback. The drawback of the system is that it requires heavy involvement from internet service providers.
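A sketch of the digest logging and single-packet lookup described above, as an added example rather than the Source Path Isolation Engine's own code. The choice of invariant fields, the filter size, the use of BLAKE2b and the router topology are assumptions made for illustration.

```python
import hashlib

class DigestTable:
    """Per-router Bloom filter over packet digests (sizes are illustrative)."""
    def __init__(self, bits=1 << 16, hashes=3):
        self.bits, self.hashes = bits, hashes
        self.array = bytearray(bits // 8)

    def _positions(self, key):
        for i in range(self.hashes):
            # One salted 32-bit digest per hash function.
            h = hashlib.blake2b(key, digest_size=4, salt=bytes([i])).digest()
            yield int.from_bytes(h, "big") % self.bits

    def record(self, key):
        for pos in self._positions(key):
            self.array[pos // 8] |= 1 << (pos % 8)

    def seen(self, key):
        return all(self.array[pos // 8] & (1 << (pos % 8))
                   for pos in self._positions(key))

def invariant(pkt):
    """Bytes that stay the same hop to hop; TTL and checksum are left out."""
    header = "|".join(str(pkt[k]) for k in ("src", "dst", "proto", "ip_id"))
    return header.encode() + pkt["payload"][:8]

def trace(pkt, victim_router, upstream, tables):
    """Walk upstream from the victim's router; return (path, ambiguous)."""
    key, path = invariant(pkt), [victim_router]
    while True:
        hits = [r for r in upstream.get(path[-1], [])
                if r not in path and tables[r].seen(key)]
        if len(hits) != 1:
            # 0 hits: entry point reached; 2 or more: a Bloom false positive
            # (or duplicated traffic) makes the next hop ambiguous.
            return path, len(hits) > 1
        path.append(hits[0])
```

The spoofed source address is part of the digest but is never used to choose the next hop, so the walk ends at the router where the packet actually entered the monitored network.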
A novel hybrid traceback scheme integrates packet logging and marking. The router has an interface number, and a packet is marked with that interface number. The scheme is more efficient in path reconstruction and in false positive and false negative rates. It has a fixed storage requirement. Using this hybrid scheme, malicious traffic can be identified for filtering. The marking field is stored in a hash table and the table index is stored in the packet. The difficulty of the scheme is that if a router is subverted, it gives false results.
A novel traceback method is proposed based on entropy variations between normal traffic and distributed denial of service attack traffic. Over a given time interval, the entropy variation identifies the disordered flows. It works as an independent software component. When the victim identifies an attack then the pushback tracing procedure. The advantages of this approach are that it is fast in large-scale network attacks and that it is easy to implement.
Existing IP traceback techniques have a number of limitations. The major problem of IP traceback is the leaking of network topology information. This leads to economic inefficiency and technical shortcomings. Existing systems are insufficient in providing security and practical alignment. To avoid the limitations of existing systems, a cloud-based authentication framework is proposed.
The new technique consists of a traceback architecture with three layers: the central traceback coordinator layer, the autonomous-system-level server layer and the router layer. The main part of the system is the central traceback coordinator. In the cloud-based authentication framework, the user gets a token that is valid for a specific time for accessing the traceback service. The proposed system checks whether the user requesting traceback information is valid. The advantages of cloud-based traceback are that it is incrementally deployable and that it reduces traffic flow attacks.
One of the most popular techniques for identifying the attack source is the cloud-based IP traceback mechanism. The cloud-based IP traceback is an enhanced user authentication framework which makes sure that the entity requesting the traceback procedure is a real recipient of the packets to be traced. The aim of the framework is to stop illegitimate users from requesting traceback information. Cloud-based traceback simplifies traceback processing and makes the traceback service more accessible.
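One way a coordinator could issue and check a time-limited token that ties a traceback query to the recipient of the traced packet. This is an added example and not the protocol of the cited framework; the HMAC token layout, the key, the user name and the address prefixes are assumptions constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import time

SECRET = b"constructed-demo-key"   # placeholder for the coordinator's signing key

def _tag(body):
    return hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()

def issue_token(user, prefix, ttl, now=None):
    """Bind a user to the address prefix it receives traffic for, until expiry."""
    expires = int((time.time() if now is None else now) + ttl)
    body = f"{user}|{prefix}|{expires}"
    return f"{body}|{_tag(body)}"

def authorize_query(token, packet_dst, now=None):
    """Return (allowed, reason) for a traceback query about a packet sent to packet_dst."""
    try:
        user, prefix, expires, tag = token.split("|")
        expires = int(expires)
        network = ipaddress.ip_network(prefix)
        dst = ipaddress.ip_address(packet_dst)
    except ValueError:
        return False, "malformed"
    expected = _tag(f"{user}|{prefix}|{expires}")
    # Constant-time comparison so the check does not leak tag bytes.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return False, "bad signature"
    if (time.time() if now is None else now) >= expires:
        return False, "expired"
    if dst not in network:
        # The requester is not a recipient of the packet it wants traced.
        return False, "not the recipient"
    return True, "ok"
```

The signature is checked before the expiry and the prefix, so a caller who edits the prefix or the expiry field is rejected without learning whether the altered values would otherwise have passed.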
- Proceedings IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No.01CH37213). 2001.
- IP traceback with deterministic packet marking. Belenky A, Ansari N. IEEE Communications Letters. Apr 2003: 162-164.
- Dynamic Probabilistic Packet Marking. Chaudhari KP, Turukmane Anil V. Mobile Communication and Power Engineering. 2013: 381-384.
- Flexible Deterministic Packet Marking: An IP Traceback System to Find the Real Source of Attacks. Xiang Yang, Zhou Wanlei, Guo Minyi. IEEE Transactions on Parallel and Distributed Systems. Apr 2009: 567-580.
- Lightweight source authentication and path validation. Kim Tiffany Hyun-Jin, Basescu Cristina, Jia Limin, Lee Soo Bum, Hu Yih-Chun, Perrig Adrian. ACM SIGCOMM Computer Communication Review. Aug 2014: 271-282.
- Advanced and authenticated marking schemes for IP traceback. Song Dawn Xiaodong, Perrig A. Proceedings IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No.01CH37213).
- Scalable packet digesting schemes for IP traceback. Lee Tsern-Huei, Wu Wei-Kai, Huang Tze-Yau William. 2004 IEEE International Conference on Communications (IEEE Cat. No.04CH37577). 2004.
- Hardware support for a hash-based IP traceback. Sanchez LA, Milliken WC, Snoeren AC, Tchakountio F, Jones CE, Kent ST, Partridge C, Strayer WT. Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01.
- RIHT: A Novel Hybrid IP Traceback Scheme. Yang Ming-Hour, Yang Ming-Chien. IEEE Transactions on Information Forensics and Security. Apr 2012: 789-797.
- Traceback of DDoS Attacks Using Entropy Variations. Yu Shui, Zhou Wanlei, Doss Robin, Jia Weijia. IEEE Transactions on Parallel and Distributed Systems. Mar 2011: 412-425.
- FACT: A Framework for Authentication in Cloud-Based IP Traceback. Cheng Long, Divakaran Dinil Mon, Ang Aloysius Wooi Kiak, Lim Wee Yong, Thing Vrizlynn LL. IEEE Transactions on Information Forensics and Security. Mar 2017: 604-616.