정보처리학회논문지C (The KIPS Transactions:PartC)

한국정보처리학회 (Korea Information Processing Society)
권호 표지
DOI QR코드

DOI QR Code

경량화된 IP 역추적 메커니즘

Lightweight IP Traceback Mechanism

  • 허준 (경희대학교 컴퓨터공학과) ;
  • 홍충선 (경희대학교 전자정보학부) ;
  • 이호재 ((주)플랜티넷 솔루션 개발팀)
  • 발행 : 2007.02.28
PDF 다운로드
⟨ 이전 논문 다음 논문 ⟩

초록

네트워크를 통한 공격에 대처하는 방법 중 가장 어려운 문제는 공격자가 자신의 주소를 위장한다는 것이다. 인터넷의 근본적인 구조 때문에 자신의 주소를 위장한 패킷의 근원지를 추적하는 것은 매우 어렵다. 또한, 현재까지 제안된 방법 중 공격 근원지를 추적하는 IP 역추적(Traceback) 알고리즘은 실제 적용에 있어 한계를 가지고 있으며, 이러한 문제점을 극복하긴 위한 연구가 진행되어야 할 필요가 있다. 본 논문에서는 기존 IP 역추적 기법의 문제점 해결하기 위해 마킹을 이용한 새로운 IP 역추적 메커니즘을 제안하였다. 제안된 메커니즘의 성능평가를 통해 적은 시스템 오버헤드만으로 역추적을 위한 효율적인 마킹이 가능함을 보였다.

A serious problem to fight attacks through network is that attackers use incorrect or spoofed IP addresses in attack packets. Due to the stateless nature of the internet structure, it is a difficult problem to determine the source of these spoofed IP packets. While many IP traceback techniques have been proposed, they all have shortcomings that limit their usability in practice. In this paper we propose new IP marking techniques to solve the IP traceback problem. We have measured the performance of this mechanism and at the same time meeting the efficient marking for traceback and low system overhead.

키워드

참고문헌

  1. Belenky A. and Ansari N., 'On IP Traceback,' IEEE Communications Magazine, Volume 41, Issue 7, July, 2003 https://doi.org/10.1109/MCOM.2003.1215651
  2. Belenky A. and Ansari N., 'IP traceback with deterministic packet marking,' Communications Letters, IEEE, Volume 7, Issue4, pp.162-164, April, 2003 https://doi.org/10.1109/LCOMM.2003.811200
  3. S. Savage et al., 'Network Support for IP Traceback,' IEEE/ACM Trans. Net., Vol.9, No.3, pp.226-237, June, 2001 https://doi.org/10.1109/90.929847
  4. D. X. Song and A. Perrig, 'Advanced and Authenticated Marking Schemes for IP Traceback,' Proc. INFOCOM2001, Vol.2, pp.878-886, 2001
  5. Stefan Savage, David Wetherall, Anna Karlin, and Tom Anderson, 'Practical network support for ip traceback,' in Proceedings of the 2000 ACM SIGCOMM Conference, August, 2000
  6. K. Park and H. Lee, 'On the effectiveness of probabilistic packet marking for IP traceback under denial of service attack,' Tech. Rep. CSD-00-013, Department of Computer Sciences, Purdue University, June, 2000
  7. Kadobayashi Y., Yamaguchi S., 'An implementation of a hierarchical IP traceback architecture,' Applications and the Internet Workshops, Proceedings 2003 Symposium, pp.250-253, Jan., 2003
  8. Minho Sung, Jun Xu, 'IP traceback-based intelligent packet filtering: a novel technique for defending against Internet DDoS attacks,' Parallel and Distributed Systems, IEEE Transactions on, Volume 14 , Issue 9, pp. 861-872, Sept. 2003 https://doi.org/10.1109/TPDS.2003.1233709
  9. Aljifri, H., 'IP traceback: a new denial -of-service deterrent,' IEEE Security & Privacy Magazine, Volume 1, Issue 3, pp.24-31, June, 2003 https://doi.org/10.1109/MSECP.2003.1203219
  10. Belenky A., Ansari N., 'Accommodating fragmentation in deterministic packet marking for IP traceback,' IEEE Global Telecommunications Conference 2003, Volume 3, pp. 1374-1378, Dec., 2003 https://doi.org/10.1109/GLOCOM.2003.1258463
  11. Belenky A., Ansari N., 'Tracing multiple attackers with deterministic packet marking (DPM),' IEEE Communications, Computers and signal Processing 2003, Volume 1, pp.49-52, Aug., 2003
  12. Baba T., Matsuda S., 'Tracing network attacks to their sources,' IEEE Internet Computing, Volume 6 , Issue 2, pp.20-26, April, 2002 https://doi.org/10.1109/4236.991439
  13. Bao Tung Wang, Schulzrinne H., 'An IP traceback mechanism for reflective DoS attacks,' Electrical and Computer Engineering 2004, Volume 2, pp.901-904, May, 2004
  14. Tsern Huei Lee, Wei-Kai Wu, Tze-Yau William Huang, 'Scalable packet digesting schemes for IP traceback,' 2004 IEEE International Conference, Vol.2, pp.1008-1013, June, 2004
  15. Ion Stoica, Hui Zhang, 'Providing Guaranteed Services Without Per Flow Management,' ACM SIGCOMM Computer Communication Review archive, vol.29, Issue 4, pp.81-94, Oct., 1999
  16. 김병룡, 김수덕, 김유성, 김기창, '마킹 알고리듬 기반 IP 역추적에서의 공격 근원지 발견 기법,' 정보보호학회 논문지, 13권 1호, 2003년 2월
  17. NLANR. Network Traffic Packet Header Traces. URL:http://moat.nlanr.net