In a computer network, attackers often send traffic with spoofed IP addresses in order to hide their identity (for example, by using a proxy). IP traceback is an effective solution for identifying the source of packets so that the attacker can be reached by reconstructing the attack path. For example, traceback is useful in defending against Internet DDoS attacks. It also helps mitigate the effects of attacks: DoS attacks, for instance, can be prevented if they are detected early, traced back to their point of origin, and finally blocked at the entry points.
Furthermore, IP traceback has a wide range of practical uses, such as network diagnosis, network forensics, security examination, performance testing and path validation. Challenges: Although many IP traceback techniques have been proposed, none of them has achieved global adoption or practical implementation. ISPs have reservations about leaking their network topology information, and unfortunately current IP traceback approaches cannot provide guarantees in terms of privacy or support for incremental deployment. Goal: Enhance the security of network topology information and reduce network overhead in comparison with previous approaches when an IP traceback request is initiated from the host end.
Research on traceback has mainly been conducted on three major earlier mechanisms:
- End-host Centric marking,
- Distributed logging, and
- Overlay-based logging.
Because of the security and scalability limitations of conventional traceback mechanisms, a new traceback approach is needed, such as a cloud-based architecture. Storage requirements were considered the main limiting factor in logging-based traceback. However, the feasibility of logging-based solutions increases over time as technology advances, notably with new distributed file systems. Most ISPs now offer cloud storage as a service, which can also be used to store traceback logs and be managed inside the local ISP's data centers.
Meanwhile, the pay-per-use nature of the cloud motivates network service providers to deploy traceback systems. Cloud-Based Traceback Architecture: Based on the two motivations above, this paper proposes a cloud-based architecture, which falls into three layers, AS-level traceback server layer (i.e., the overlay layer) and router layer (i.e., the underlying layer). Intra-AS Structure: Each AS has its own traceback server deployed. All traffic flow information is collected from the traceback-enabled routers and stored in internal cloud storage, which is managed by the traceback server in each AS, for longer-term retention and analysis.
[Figure: Architecture overview of cloud-based system.]
To access the traceback service, the WS-API is the central coordination point/port. It acts mainly as a querying hub that does not store traceback data but retrieves logs from the traceback servers individually when requested. Inter-AS Logical Links: To establish inter-AS logical relations and achieve efficient traceback processing and high incremental deployability, this paper introduces flow-level marking at AS-level border routers.
An additional attribute is added to flow logs to indicate the immediate upstream traceback-deployed AS from which the packet flow has arrived. In this way, logical links between the traceback-deployed ASes can be maintained. As a result, a downstream AS knows the upstream AS that should be contacted to trace the flow.
[Figure: Marking at AS-level border routers.]
The border router of each AS assigns its unique identity bits to a flow as it leaves one AS for another, so that the path can be determined when requested.
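The lookup chain described above can be sketched as follows. This is an added example, not code from the paper: the class and function names, the AS numbers and the flow record are all constructed, and the coordinator is modelled as a function that holds no logs and queries one per-AS server per hop.

```python
from dataclasses import dataclass, field

@dataclass
class TracebackServer:
    """Per-AS traceback server (hypothetical name) holding that AS's flow logs."""
    asn: int
    logs: dict = field(default_factory=dict)  # flow key -> upstream AS mark

    def record(self, flow, upstream_asn):
        # upstream_asn: identity marked by the upstream AS's border router as
        # the flow left it; None when no deployed AS lies further upstream.
        self.logs[flow] = upstream_asn

def trace(servers, victim_asn, flow):
    """Coordinator role: keeps no logs itself, asks one server per hop.

    Returns (path, complete). path runs from the victim's AS toward the
    source; complete is False if the chain breaks before reaching the end.
    """
    path, asn = [], victim_asn
    while asn is not None:
        server = servers.get(asn)
        # Stop on a looping mark, an unknown AS, or a missing/expired log:
        # the partial path is still returned so the last known AS is visible.
        if asn in path or server is None or flow not in server.logs:
            return path, False
        path.append(asn)
        asn = server.logs[flow]  # follow the logical link upstream
    return path, True

# Constructed sample: one spoofed UDP flow crossing three deployed ASes.
# ASes without traceback deployed never appear, because each mark names the
# immediate upstream traceback-deployed AS.
FLOW = ("192.0.2.7", "198.51.100.9", 17, 4444, 53)
SERVERS = {n: TracebackServer(n) for n in (64501, 64502, 64503)}
SERVERS[64501].record(FLOW, None)    # entry AS: nothing deployed upstream
SERVERS[64502].record(FLOW, 64501)
SERVERS[64503].record(FLOW, 64502)   # victim's AS

if __name__ == "__main__":
    print(trace(SERVERS, 64503, FLOW))
```
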
RESULTS AND DISCUSSION
This paper has proposed a new IP traceback architecture with an authentication process that provides more security at the ISP level, where previous approaches were not sufficient, and that also adds a financial motivation for deploying the IP traceback mechanism. An optimal marking scheme for token delivery remains to be investigated in the future.