Coloring networks for attacker identification and response
Article first published online: 19 JUL 2014
Copyright © 2014 John Wiley & Sons, Ltd.
Security and Communication Networks
How to Cite
Sairam, A. S., Roy, S. and Sahay, R. (2014), Coloring networks for attacker identification and response. Security Comm. Networks. doi: 10.1002/sec.1022
- Manuscript Accepted: 20 MAR 2014
- Manuscript Revised: 30 JAN 2014
- Manuscript Received: 14 JUL 2013
- packet marking;
- attack signature;
- star coloring;
- IP traceback;
- dynamic attack response
Network-based attacks such as denial-of-service attacks are usually performed by spoofing the source IP address. Packet marking techniques are used to trace such attackers as close as possible to their source. A packet mark consists of traceback information pertaining to a router, embedded in the IP packet header. In this work, we use the concept of star coloring to assign reusable colors (marks) to routers while at the same time limiting false positives and false negatives. The proposed scheme minimizes the bit space required for marking in the IP header. We introduce the concept of a path identifier to identify an attack path. The path identifiers are used to provide an elegant solution to collect attack packets in the midst of a distributed denial-of-service attack and then trace back. Although identifying the attacker is crucial to institute protection measures against future attacks, it cannot mitigate the effects of an ongoing attack. We establish the use of path identifiers to filter packets during an ongoing attack. We present a validation of the proposed techniques in an emulated environment using real attack traffic.