RIHT: A Novel Hybrid IP Traceback Scheme
ABSTRACT:
Because the Internet has been widely applied in various fields, more and more network security issues emerge and catch people’s attention. However, adversaries often hide themselves by spoofing their own IP addresses and then launch attacks. For this reason, researchers have proposed many traceback schemes to trace the source of these attacks. Some use only one packet in their packet logging schemes to achieve IP tracking. Others combine packet marking with packet logging and therefore create hybrid IP traceback schemes demanding less storage but requiring a longer search. In this paper, we propose a new hybrid IP traceback scheme with efficient packet logging, aiming to have a fixed storage requirement for each router (under 320 KB, according to CAIDA’s skitter data set) in packet logging without the need to refresh the logged tracking information, and to achieve zero false positive and false negative rates in attack-path reconstruction. In addition, we use a packet’s marking field to censor attack traffic on its upstream routers. Lastly, we simulate and analyze our scheme, in comparison with other related research, in the following aspects: storage requirement, computation, and accuracy.
EXISTING SYSTEM:
Most current single-packet traceback schemes tend to log packets’ information on routers. Most current tracing schemes that are designed for software exploits can be categorized into three groups: single packet, packet logging and hybrid IP traceback. The basic idea of packet logging is to log a packet’s information on routers. The methods used in the existing systems include Huffman Code, Modulo/Reverse modulo Technique (MRT) and MOdulo/REverse modulo (MORE). These methods use interface numbers of routers, instead of partial IP or link information, to mark a packet’s route information. Each of these methods marks routers’ interface numbers on a packet’s IP header along a route. However, a packet’s IP header has rather limited space for marking and therefore cannot always afford to record the full route information. So, they integrate packet logging into their marking schemes by allowing a packet’s marking field to be temporarily logged on routers. As a result, these tracing methods still require high storage on the logging routers. In addition, exhaustive searching is quite inefficient in path reconstruction.
DISADVANTAGES OF EXISTING SYSTEM:
In the existing system, adversaries often hide themselves by spoofing their own IP addresses and then launch attacks. There are many traceback schemes to trace the source of these attacks. Some use only one packet in their packet logging schemes to achieve IP tracking. Others combine packet marking with packet logging and therefore create hybrid IP traceback schemes demanding less storage but requiring a longer search.
PROPOSED SYSTEM:
In the proposed system, we provide a new hybrid IP traceback scheme with efficient packet logging, aiming to have a fixed storage requirement for each router (under 320 KB, according to CAIDA’s skitter data set) in packet logging without the need to refresh the logged tracking information, and to achieve zero false positive and false negative rates in attack-path reconstruction.
In this paper, we propose a new hybrid IP traceback scheme with efficient packet logging, aiming to have a fixed storage requirement for each router in packet logging without the need to refresh the logged tracking information. In addition, we use a packet’s marking field to censor attack traffic on its upstream routers.
Like MRT and MORE, RIHT marks interface numbers of routers on packets so as to trace the path of packets. Since the marking field on each packet is limited, our packet-marking scheme may need to log the marking field into a hash table and store the table index on the packet. We repeat this marking/logging process until the packet reaches its destination. After that, we can reverse this process to trace back to the origin of attack packets.
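The marking/logging loop and its reversal described above, as an added example in Python (not code from the paper or from this project): a simplified model in which each router folds the upstream interface number into the mark by multiplication and, on overflow, logs the mark and stores the table index in the packet. The 16-bit field, the dictionary-backed table, the router degree and the eight-router chain are assumptions made for the illustration.

```python
# Added illustration, not the paper's algorithm listing. MARK_BITS, the table
# layout and the constructed 8-router chain below are assumptions.
MARK_BITS = 16
MARK_MAX = (1 << MARK_BITS) - 1

class Router:
    def __init__(self, name, degree):
        self.name, self.base = name, degree + 1   # residue 0 is reserved as "logged"
        self.table = [None]                       # slot 0 reserved: "nothing logged"
        self.slots = {}                           # (mark, ui) -> slot, so a path is logged once

    def forward(self, mark, ui):
        """Append upstream interface ui to the mark; log first if it would overflow."""
        new = mark * self.base + ui + 1
        if new <= MARK_MAX:
            return new
        if (mark, ui) not in self.slots:
            self.table.append((mark, ui))
            self.slots[(mark, ui)] = len(self.table) - 1
        return self.slots[(mark, ui)] * self.base  # table index travels in the packet

    def backward(self, mark):
        """Undo one hop: (previous mark, ui), or None if the packet entered here."""
        ui = mark % self.base - 1
        if ui >= 0:
            return mark // self.base, ui
        slot = mark // self.base
        return self.table[slot] if slot else None

def send(routers, uis):
    """routers[0] is the border router; uis[i] is the interface routers[i] received on."""
    mark = 0
    for router, ui in zip(routers[1:], uis[1:]):
        mark = router.forward(mark, ui)
    return mark

def trace(routers, mark):
    """Walk the chain backwards from the last router; returns (origin name, [ui ...])."""
    i, seen = len(routers) - 1, []
    while (step := routers[i].backward(mark)) is not None:
        mark, ui = step
        seen.append(ui)
        i -= 1            # in this constructed chain every ui leads to routers[i-1]
    return routers[i].name, seen

def demo():
    routers = [Router(f"R{i}", degree=7) for i in range(8)]
    uis = [None, 3, 6, 0, 5, 2, 6, 1]             # constructed interface numbers
    mark = send(routers, uis)
    return mark, trace(routers, mark), len(routers[6].table) - 1

if __name__ == "__main__":
    print(demo())
```

In this chain the mark overflows at R6, which is the only router that writes a table entry; sending the same path again reuses that entry.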
ADVANTAGES OF PROPOSED SYSTEM:
· Efficient Packet Marking
· Requires Fixed Storage Space
· No need to refresh often
MODULES:
The entire work of this paper is divided into five different modules. They are:
· Network Topology Construction
· Path Selection
· Packet Sending
· Packet Marking and Logging
· Path Reconstruction
MODULE DESCRIPTION:
Network Topology Construction
A network topology may consist of a number of routers that are connected with local area networks. Thus, a router can receive data either from a neighbouring router or from the local area network. A border router receives packets from its local network. A core router receives packets from other routers. The number of routers connected to a single router is called the degree of the router. This is calculated and stored in a table. The upstream interfaces of each router also have to be found and stored in the interface table.
Path Selection
The path is the way in which the selected packet or file has to be sent from the source to the destination. The upstream interfaces of each router have to be found and stored in the interface table. With the help of that interface table, the desired path between the selected source and destination can be defined.
Packet Sending
A packet or file is selected for the transformation process. The packet is sent along the defined path from the source LAN to the destination LAN. The destination LAN receives the packet and checks whether it has been sent along the defined path.
Packet Marking and Logging
Packet marking is the phase where the efficient packet marking algorithm is applied at each router along the defined path. It calculates the Pmark value and stores it in the hash table. If the Pmark value does not overflow the capacity of the router, the packet is sent to the next router. Otherwise, it refers to the hash table and applies the algorithm again.
Path Reconstruction
Once the packet has reached the destination after the algorithm has been applied, the destination checks whether it was sent from the correct upstream interfaces. If an attack is found, it requests path reconstruction. Path reconstruction is the process of finding a new path for the same source and destination on which no attack can be made.
HARDWARE REQUIREMENTS
• SYSTEM : Pentium IV 2.4 GHz
• HARD DISK : 40 GB
• MONITOR : 15 VGA colour
• MOUSE : Logitech
• RAM : 256 MB
• KEYBOARD : 110 keys enhanced
SOFTWARE REQUIREMENTS
• Operating system : Windows XP Professional
• Front End : JAVA, RMI, JDBC, Swing
• Tool : NetBeans IDE 6.9.1
REFERENCE:
Ming-Hour Yang and Ming-Chien Yang, “RIHT: A Novel Hybrid IP Traceback Scheme”, IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 7, NO. 2, APRIL 2012.