Coloring networks for attacker identification and response

Abstract

Network-based attacks such as denial-of-service attacks are usually performed by spoofing the source IP address. Packet marking techniques are used to trace such attackers as close as possible to their source. A packet mark consists of some traceback information pertaining to a router being embedded in the IP packet header. In this work, we use the concept of star coloring to assign reusable colors marks to routers but at the same time limits false positives and false negatives. The proposed scheme minimizes the bit space required for marking in the IP header. We introduce the concept of path identifier, to identify an attack path. The path identifiers are used to provide an elegant solution to collect attack packets in the midst of a distributed denial-of-service attack and then traceback. Although identifying the attacker is crucial to institute protection measures against future attacks, it cannot mitigate the effects of an ongoing attack. We establish the use of path identifiers, to filter packets during an ongoing attack. We present a validation of the proposed techniques in an emulated environment using real attack traffic. Copyright © 2014 John Wiley & Sons, Ltd.