• Journal of Internet Computing and Services
• /
• v.6 no.1
• /
• pp.13-25
• /
• 2005

Distributed Denial-of-Service(DDoS) attack prevent users from accessing services on the target network by spoofing its origin source address with a large volume of traffic. The objective of IP Traceback is to determine the real attack sources, as well as the full path taken by the attack packets. Existing IP Traceback methods can be categorized as proactive or reactive tracing. Existing PPM based tracing scheme(such as router node appending, sampling and edge sampling) insert traceback information in IP packet header for IP Traceback. But, these schemes did not provide enhanced performance in DDoS attack. In this paper, we propose a 'TTL based advanced Packet Marking' mechanism for IP Traceback. Proposed mechanism can detect and control DDoS traffic on router and can generate marked packet for reconstructing origin DDoS attack source, by which we can diminish network overload and enhance traceback performance.

• The KIPS Transactions:PartC
• /
• v.14C no.1 s.111
• /
• pp.17-26
• /
• 2007

A serious problem to fight attacks through network is that attackers use incorrect or spoofed IP addresses in attack packets. Due to the stateless nature of the internet structure, it is a difficult problem to determine the source of these spoofed IP packets. While many IP traceback techniques have been proposed, they all have shortcomings that limit their usability in practice. In this paper we propose new IP marking techniques to solve the IP traceback problem. We have measured the performance of this mechanism and at the same time meeting the efficient marking for traceback and low system overhead.

• Journal of the Korea Society of Computer and Information
• /
• v.13 no.1
• /
• pp.143-151
• /
• 2008

Execute IP traceback at this paper as target an intruder's attacking that Bypass Attack in order to avoid an exposure of own Real IP address Design IP traceback server and agent module, and install in Internet network system for Real IP traceback. Set up detection and chase range aggressive loop around connection arbitrariness, and attack in practice, and generate Real IP data cut off by fatal attacks after data and intrusion detection accessed general IP, and store to DB. Generate the Forensic data which Real IP confirms substance by Whois service, and ensured integrity and the reliability that buy to early legal proof data, and was devoted to of an invader Present the cyber criminal preventive effect that is dysfunction of Ubiquitous Information Society and an effective Real IP traceback system, and ensure a Forensic data generation basis regarding a judge's robe penalty through this paper study.

• Proceedings of the Korea Information Assurance Society Conference
• /
• 2004.05a
• /
• pp.233-239
• /
• 2004

In this paper, we describe a defense mechanism to cope with stepping stones attacks in high-speed networks. (Stepping stones Attacker launches attacks not from their own computer but from intermediary hosts that they previously compromised.) We aim at tracing origin hacker system, which attack target system via stepping stones. There are two kind of traceback technology ; IP packet traceback, or connection traceback. We are concerned with connection traceback in this paper. We propose a new host-based traceback. The purpose of this paper is that distinguish between origin hacker system and stepping stones by using process structure of OS(Operating System).

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.3
• /
• pp.31-41
• /
• 2010

It is difficult to identify attacker's real location when the attacker spoofs IP address in current IPv4-based Internet environment. If the attacks such as DDoS happen in the Internet, we can hardly expect the protection scheme to respond to these attacks in active or real-time manner. Many traceback techniques have been proposed to protect against these attacks, but most traceback schemes were designed to work with the IPv4-based Internet and found to be lack of verification of whether the traceback related information is forged or not. Few traceback schemes for IPv6-based network environment have been suggested, but it has these disadvantages that needs more study. In this paper, we propose the reliable IP traceback scheme supporting integrity of traceback-related information in IPv6 network environment, simulate it, and compare our proposed scheme with exsisting traceback mechanisms in terms of overhead and functionality.

• The KIPS Transactions:PartC
• /
• v.13C no.1 s.104
• /
• pp.11-18
• /
• 2006

In the field of network defense, a lot of researches are directed toward locating the source of network attacks. When an intruder launches attack not from their own computer but from intermediate hosts that they previously compromised, and these intermediate hosts are called stepping-stones. There we two kinds of traceback technologies : IP packet traceback and connection traceback. We focused on connection traceback in this paper This paper classifies process structures of detoured attack type in stepping stone, designs an algorithm for traceback agent, and implements the traceback system based on the agent

• Journal of Internet Computing and Services
• /
• v.5 no.1
• /
• pp.85-97
• /
• 2004

Distributed Denial-of-Service(DDoS) attack prevent users from accessing services on the target network by spoofing its origin source address with a large volume of traffic. The objective of IP Traceback is to determine the real attack sources, as well as the full path taken by the attack packets. Existing IP Traceback methods can be categorized as proactive or reactive tracing. Proactive tracing(such as packet marking and messaging) prepares information for tracing when packets are in transit. Reactive tracing starts tracing after an attack is detected. In this paper, we propose a "advanced ICMP Traceback" mechanism. which is based on the modified push back system. Proposed mechanism can detect and control DDoS traffic on router and can generate ICMP Traceback message for reconstructing origin attack source.ck source.

• The Journal of Korean Association of Computer Education
• /
• v.8 no.1
• /
• pp.65-72
• /
• 2005

In this study, we suggest a new mechanism on the design and implementation of IP Traceback system against DDos/DRDoS by Zombie and Reflector attack based on spoofed IP packets. After analysis and comparing on the state-of-arts of several IP traceback mechanisms, we can find their own pros and cons primitives. And then we performed simulations on reflector based DRDoS network packets. In first, we suggest a NS-2 based IP traceback module and implement it for finding its real DRDoS attacker. As a results, we can find advanced new IP traceback scheme for providing enhanced proactive functionality against DRDoS attack.

• Convergence Security Journal
• /
• v.17 no.5
• /
• pp.11-18
• /
• 2017

Now the ways in which information is exchanged by computers are changing, a variety of this information exchange method also requires corresponding change of responding to an illegal attack. Among these illegal attacks, the IP spoofing attack refers to the attack whose process are accompanied by DDoS attack and resource exhaustion attack. The way to detect an IP spoofing attack is by using traceback information. The basic traceback information analysis method is implemented by comparing and analyzing the normal router information from client with routing information existing in routing path on the server. There fore, Such an attack detection method use all routing IP information on the path in a sequential comparison. It's difficulty to responding with rapidly changing attacks in time. In this paper, all IP addresses on the path to compute in a coordinate manner. Based on this, it was possible to analyze the traceback information to improve the number of traceback required for attack detection.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2004.05b
• /
• pp.420-423
• /
• 2004

Advance of computer technique becomes efficient of business in recent years. It has become high-speed data transmission and large data transmission. Network and computer system need to increasingly security because advance of computer technique. So this paper analyzes IP Traceback system that prevent cyber attack as hacking and security vulnerability of network. And this paper design IP Traceback system that based on active network.