A Layer-2 Extension to Hash-Based IP Traceback(<Special Issue>New Technologies in the Internet and their Applications)
スポンサーリンク
概要
- 論文の詳細を見る
Hash-based IP traceback is a technique to generate audit trails for traffic within a network. Using the audit trails, it reconstructs not only the true attack paths of a Distributed Denial of Service attack (DDoS attack), but also the true path of a single packet attack. However, hash-based IP traceback cannot identify attacker nodes themselves because it has no audit trail on the subnet's layer-2 network under the detected leaf router, which is the nearest node to an attacker node on a layer-3 network. We propose a layer-2 extension to hash-based IP traceback, which stores two identifiers with packets' audit trails while reducing the memory requirement for storing identifiers. One of these identifiers shows the leaf router's interface through which an attacking packet came, and the other represents the ingress port on a layer-2 switch through which the attacking packet came. We implement a prototype on FreeBSD and evaluate it in a preliminary experiment.
- 社団法人電子情報通信学会の論文
- 2003-11-01
著者
-
KADOBAYASHI Youki
Graduate School of Information Scinece, Nara Institute of Science and Technology
-
Kadobayashi Youki
Graduate School Of Information Science Naist
-
Kadobayashi Y
Graduate School Of Information Science Nara Institute Of Science And Technology
-
HAZEYAMA HIROAKI
Graduate School of Information Science, Nara Institute of Science and Technology
-
OE Masafumi
National Astronomical Observatory of Japan
-
Hazeyama Hiroaki
Graduate School Of Information Science Nara Institute Of Science And Technology
関連論文
- Handover Management for VoWLAN Based on Estimation of AP Queue Length and Frame Retries
- Performance Study and Deployment Strategies on the Sender-Initiated Multicast(Internet Technology V)
- Multi-Path Transmission Algorithm for End-to-End Seamless Handover across Heterogeneous Wireless Access Networks(Mobile Networking)(Internet Technology IV)
- Handover Management for VoWLAN Based on Estimation of AP Queue Length and Frame Retries
- An MEG Data Analysis System Using Grid Technology (特集 次世代のインターネット/分散システムの構築・運用技術)
- Distributed Scalable Multi-player Online Game Servers on Peer-to-Peer Networks (特集 新時代の分散処理とネットワーク(WebサービスとP2P))
- A Layer-2 Extension to Hash-Based IP Traceback(New Technologies in the Internet and their Applications)
- A Layer-2 Extension to Hash-Based IP Traceback
- Improvement of Consistency among AS Policies in IRR Databases(Distributed System Operation and Management)
- Adaptive Bloom Filter : A Space-Efficient Counting Algorithm for Unpredictable Network Traffic
- A Step towards Static Script Malware Abstraction : Rewriting Obfuscated Script with Maude
- Design and Deployment of Post-Disaster Recovery Internet in 2011 Tohoku Earthquake
- Hose Bandwidth Allocation Method to Achieve a Minimum Throughput Assurance Service for Provider Provisioned VPNs
- Distributed Scalable Multi-player Online Game Servers on Peer-to-Peer Networks
- Improvement of Consistency among AS Policies in IRR Databases
- Distributed Scalable Multi-player Online Game Servers on Peer-to-Peer Networks