Distributed IDS Tracing Back to Attacking Sources
نویسندگان
چکیده
In this paper we present robust algorithms of transmission and reconstruction of attacking path(s) in IDS for providing traceback information in IP packets without requiring interactive operational support from Internet Service Providers, which is based on IP address compression techniques, polynomial theory and techniques from algebraic coding theory. Our best scheme has improved robustness over previous combinatorial approaches, both for noise elimination and multiple-path re-construction. Another key advantage of our schemes is that they will automatically benefit from any improvement in the underlying mathematical techniques, for which progress has been steady in recent years.
منابع مشابه
Tracing Anonymous Packets to Their Approximate Source
Most denial-of-service attacks are characterized by a flood of packets with random, apparently valid source addresses. These addresses are spoofed, created by a malicious program running on an unknown host, and carried by packets that bear no clues that could be used to determine their originating host. Identifying the source of such an attack requires tracing the packets back to the source hop...
متن کاملA Model for Determining the Origin OFA Packet to Find Real Attacks
Internet Protocol (IP) trace back is the enabling technology to control Internet crime. In this paper, we present a novel and practical IP trace back system called Flexible Deterministic Packet Marking (FDPM) which provides a defense system with the ability to find out the real sources of attacking packets that traverse through the network. While a number of other trace back schemes exist, FDPM...
متن کاملA Trust-based Model for Collaborative Intrusion Response
Intrusion detection systems (IDS) are quickly becoming a standard component of a network security infrastructure. Most IDS developed to date emphasize detection; response is mainly concentrated on blocking a part of the network after an intrusion has been detected. This mechanism can help in temporarily stopping the intrusion, but such a limited response means that attacking is free for the att...
متن کاملPayoff Based IDS Evaluation
IDS are regularly evaluated by comparing their false positive and false negative rates on ROC curves. However, this mechanism generally ignores both the context within which the IDS operates and the attacker’s own ability to adapt to IDS behavior. In this paper, we propose an alternative strategy for evaluating IDS based around multiple strategies. Each strategy defines how an attacker profits ...
متن کاملIntrusion Detection System using K2 Self Learning Algorithm and Open Attacking Plateform
The goal of a this IDS is to identify malicious behaviour that targets a network or a host and its resources. Intrusion detection parameters are numerous and in many cases they present uncertain and imprecise causal relationships which can affect attack types. A Bayesian Network here used is a graphical modeling tool which used to model decision problems containing uncertainty. BN and K2 learni...
متن کامل