Abstract
The primary aim of network forensics is to trace attackers and obtain evidence for possible prosecution. Many traceback techniques exist, but most of them focus on distributed denial of service (DDoS) attacks. This paper presents a novel traceback technique that deterministically marks the interface number and the address of the router from which each outgoing packet entered the network. An analysis against various traceback metrics demonstrates that the technique enhances network attack attribution.
Copyright information
© 2011 IFIP International Federation for Information Processing
About this paper
Cite this paper
Pilli, E., Joshi, R., Niyogi, R. (2011). Router and Interface Marking for Network Forensics. In: Peterson, G., Shenoi, S. (eds) Advances in Digital Forensics VII. DigitalForensics 2011. IFIP Advances in Information and Communication Technology, vol 361. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-24212-0_16
DOI: https://doi.org/10.1007/978-3-642-24212-0_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-24211-3
Online ISBN: 978-3-642-24212-0
eBook Packages: Computer Science (R0)