Distributed denial-of-service attacks on public servers have recently become more serious. The most effective way to prevent this type of traffic is to identify the attack nodes and detach (or block) them at their egress routers. However, existing traceback mechanisms are not widely used for several reasons, such as the need to replace many routers to support traceback capability, or the difficulty of distinguishing between attack and legitimate traffic. In this paper, we propose a new scheme that enables a traceback from a victim to the attack nodes. More specifically, we identify the egress routers to which the attack nodes are connected by estimating the traffic matrix between arbitrary source-destination edge pairs. By monitoring the traffic variations obtained from the traffic matrix, we identify the edge routers that are forwarding the attack traffic, that is, those showing a sharp increase in traffic to the victim. We also evaluate the effectiveness of our proposed scheme through simulation, and show that our method can identify attack sources accurately.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Yuichi OHSITA, Shingo ATA, Masayuki MURATA, "Identification of Attack Nodes from Traffic Matrix Estimation," in IEICE TRANSACTIONS on Communications, vol. E90-B, no. 10, pp. 2854-2864, October 2007, doi: 10.1093/ietcom/e90-b.10.2854.
URL: https://globals.ieice.org/en_transactions/communications/10.1093/ietcom/e90-b.10.2854/_p
@ARTICLE{e90-b_10_2854,
author={Yuichi OHSITA and Shingo ATA and Masayuki MURATA},
journal={IEICE TRANSACTIONS on Communications},
title={Identification of Attack Nodes from Traffic Matrix Estimation},
year={2007},
volume={E90-B},
number={10},
pages={2854-2864},
keywords={},
doi={10.1093/ietcom/e90-b.10.2854},
ISSN={1745-1345},
month={October},}
TY - JOUR
TI - Identification of Attack Nodes from Traffic Matrix Estimation
T2 - IEICE TRANSACTIONS on Communications
SP - 2854
EP - 2864
AU - Yuichi OHSITA
AU - Shingo ATA
AU - Masayuki MURATA
PY - 2007
DO - 10.1093/ietcom/e90-b.10.2854
JO - IEICE TRANSACTIONS on Communications
SN - 1745-1345
VL - E90-B
IS - 10
JA - IEICE TRANSACTIONS on Communications
Y1 - October 2007
ER -