Design and Implementation of the Sinkhole Traceback Protocol against DDoS attacks

Design and Implementation of a Sinkhole Traceback Protocol for Countering DDoS Attacks

  • Received : 2009.10.08
  • Accepted : 2009.11.17
  • Published : 2010.04.30

Abstract

An advanced, proactive response mechanism against the diverse attacks seen on All-IP networks is needed to improve the security and reliability of open networks. Two lines of prior work underlie this study: the SPIE system, which applies a hash function to packets and stores the result in a Bloom filter, and the Sinkhole routing mechanism, which uses the BGP protocol to verify a packet's transmission path. Building on these, an improved traceback and network-management mechanism is also needed to counter DDoS attacks in All-IP network environments. In this study we propose a new IP traceback mechanism for All-IP networks, based on the existing SPIE and Sinkhole routing models, for use when diverse DDoS attacks occur. The proposed mechanism has a Manager module that controls the regional routers, using packet monitoring and filtering to trace and identify the real transmission path of attack packets. It uses a simplified, memory-optimized scheme for storing packet hash values in a Bloom filter, from which the attacker's real location on the open network can be determined. In addition, it provides an improved packet aggregation and monitoring/control module based on the existing Sinkhole routing method. By combining the strengths of the two existing mechanisms we obtain one optimized for All-IP networks, and traceback performance is also improved compared with previously suggested mechanisms.

As All-IP network environments have recently been deployed, traffic of diverse forms is being transmitted and received, and alongside this, attacks of diverse forms are increasing sharply, so proactive countermeasures must be presented. Existing research has proposed a router-centric packet-path traceback technique that applies a hash function and the Bloom filter method based on the SPIE system, but it has problems in actively blocking a DDoS attack while tracing back the attack source when such an attack occurs. Therefore, in this study, through an analysis of the strengths and weaknesses of the existing SPIE- and Sinkhole-based router techniques, we combined the strengths of the two methods to design an IP traceback method suited to All-IP network environments, and implemented it. The technique presented in this study provides collection/monitoring functions for attack packets in the same way as the existing Sinkhole method, while also being able to judge and collect/control attack packets based on a traceback packet Manager system, so that proactive response to DDoS attacks was possible together with improved performance.
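To make the two building blocks the abstract combines concrete, the following is an added example (not the paper's implementation or code): each router keeps a SPIE-style digest table implemented as a Bloom filter, a victim prefix can be sinkholed so that its traffic is aggregated at a Manager instead of delivered, and the Manager reconstructs a collected packet's path by asking, hop by hop, which upstream routers have the packet's digest in their table. The topology, the choice of digest fields, the Bloom filter size and the `Manager` API are assumptions made for this illustration.

```python
"""Toy model of what the abstract combines: SPIE-style digest tables (Bloom
filters) on every router plus sinkhole redirection of a victim prefix, so a
Manager can aggregate the attack packets and ask routers for their path.
Added example, not the paper's code; topology, digest fields, filter sizes
and the Manager API are assumptions."""
import hashlib
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    ident: int      # IP identification field, invariant along the path
    payload: bytes

    def digest(self) -> bytes:
        # Assumption: hash the path-invariant header fields plus the first 8
        # payload bytes (SPIE's choice); TTL/checksum change at every hop.
        material = f"{self.src}|{self.dst}|{self.ident}|".encode() + self.payload[:8]
        return hashlib.sha256(material).digest()


class BloomFilter:
    """Per-router digest table: false positives possible, false negatives not."""

    def __init__(self, m_bits: int = 1 << 16, k: int = 4) -> None:
        self.m, self.k = m_bits, k
        self.bits = bytearray(m_bits // 8)

    def _positions(self, digest: bytes):
        for i in range(self.k):          # k hashes derived via a salt byte
            h = hashlib.sha256(bytes([i]) + digest).digest()
            yield int.from_bytes(h[:4], "big") % self.m

    def add(self, digest: bytes) -> None:
        for p in self._positions(digest):
            self.bits[p // 8] |= 1 << (p % 8)

    def __contains__(self, digest: bytes) -> bool:
        return all(self.bits[p // 8] & (1 << (p % 8)) for p in self._positions(digest))

    def false_positive_rate(self, n: int) -> float:
        return (1 - math.exp(-self.k * n / self.m)) ** self.k   # (1 - e^{-kn/m})^k


class Manager:
    """Sinkholes a victim prefix, collects the diverted packets and rebuilds paths."""

    def __init__(self, upstream: dict[str, list[str]]) -> None:
        self.upstream = upstream         # upstream[r] = neighbours feeding router r
        self.tables = {r: BloomFilter() for r in upstream}
        self.sinkholed: set[str] = set()
        self.collected: list[Packet] = []

    def sinkhole(self, dst: str) -> None:
        self.sinkholed.add(dst)          # stands in for the BGP sinkhole route

    def deliver(self, pkt: Packet, path: list[str]) -> bool:
        """Forward along `path`, each hop recording the digest; False means
        the packet was diverted to the sinkhole instead of the victim."""
        for hop in path:
            self.tables[hop].add(pkt.digest())
        if pkt.dst in self.sinkholed:
            self.collected.append(pkt)
            return False
        return True

    def traceback(self, pkt: Packet, edge: str) -> dict[str, list[str]]:
        """Walk upstream from the victim's edge router, following only the
        neighbours whose table contains the digest; returns {router: hits}."""
        d = pkt.digest()
        graph, queue, seen = {}, [edge], {edge}
        while queue:
            r = queue.pop()
            graph[r] = [u for u in self.upstream[r] if d in self.tables[u]]
            for u in graph[r]:
                if u not in seen:
                    seen.add(u)
                    queue.append(u)
        return graph

    def origins(self, pkt: Packet, edge: str) -> set[str]:
        """Routers with no matching upstream: where the packet entered the network."""
        return {r for r, ups in self.traceback(pkt, edge).items() if not ups}


def run_demo() -> dict:
    # Constructed topology: A1 -> R2 -> R1 -> V and A2 -> R3 -> R1 -> V
    mgr = Manager({"V": ["R1"], "R1": ["R2", "R3"], "R2": ["A1"],
                   "R3": ["A2"], "A1": [], "A2": []})
    mgr.sinkhole("10.0.0.5")             # victim prefix, constructed value
    flood = Packet("203.0.113.7", "10.0.0.5", 4242, b"\x00" * 8)    # constructed
    legit = Packet("198.51.100.9", "10.0.0.5", 17, b"GET / HTTP")   # constructed
    mgr.deliver(flood, ["A1", "R2", "R1", "V"])
    mgr.deliver(legit, ["A2", "R3", "R1", "V"])
    return {
        "collected": len(mgr.collected),   # both diverted: the sinkhole cannot judge intent
        "flood_origins": mgr.origins(flood, "V"),
        "legit_origins": mgr.origins(legit, "V"),
        "fp_rate": mgr.tables["R1"].false_positive_rate(2),
    }
```

Two properties of the model are worth noting. The sinkhole diverts every packet addressed to the victim prefix, legitimate traffic included, which is why the abstract pairs it with a Manager that judges and filters the aggregated packets rather than relying on redirection alone. And because a Bloom filter can return false positives, a traceback may occasionally attach a router that never saw the packet; the false-positive rate grows with the number of digests stored per table, so table size and the interval after which tables are paged out bound how far back in time a query remains trustworthy.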

References

  1. B. Bloom, "Space/Time Tradeoffs in Hash Coding with Allowable Errors," Communications of the ACM 13(7), pp.422-426, 1970. https://doi.org/10.1145/362686.362692
  2. A. C. Snoeren, C. Partridge, L. A. Sanchez, C. E. Jones, F. Tchakountio, S. T. Kent, and W. T. Strayer, "Hash-Based IP Traceback," ACM SIGCOMM Computer Communication Review (Proceedings of the 2001 SIGCOMM Conference) 31(4), pp.3-14, 2001.
  3. A. Broder and M. Mitzenmacher, "Network Applications of Bloom Filters: A Survey," Internet Mathematics 1(4), pp.485-509, 2003.
  4. S. Savage, D. Wetherall, A. Karlin, and T. Anderson, "Network Support for IP Traceback," IEEE/ACM Transactions on Networking 9(3), pp.226-239, 2001. https://doi.org/10.1109/90.929847
  5. V. Oppleman, "Network Defense Applications using IP Sinkholes," http://vostrom.com/get/netdef_en.pdf
  6. K. Park and H. Lee, "On the Effectiveness of Probabilistic Packet Marking for IP Traceback under Denial of Service Attack," Proc. IEEE INFOCOM, pp.338-347, 2001.
  7. H. C. J. Lee, V. L. L. Thing, Y. Xu, and M. Ma, "ICMP Traceback with Cumulative Path, an Efficient Solution for IP Traceback," LNCS 2836, pp.124-135, 2003.
  8. K. Chen, X. Hu, and R. Hao, "DDoS Scouter: A Simple IP Traceback Scheme," http://blrc.edu.cn/blrcweb/publication/kc1.pdf
  9. U. K. Tupakula and V. Varadharajan, "Tracing DDoS Floods: An Automated Approach," Journal of Network and Systems Management 12(1), pp.111-135, March 2004. https://doi.org/10.1023/B:JONS.0000015701.83726.ca
  10. H. Yim and J. Jung, "IP Traceback Algorithm for DoS/DDoS Attack," APNOMS 2006, LNCS 4238, pp.558-561, 2006.
  11. 한정화, 김락현, 류재철, 염흥열, "Analysis of Traceback Technologies and Security Requirements," Review of the Korea Institute of Information Security and Cryptology (정보보호학회지) 18(5), pp.132-141, 2008.