Abstract
Attacks launched over the Internet have become a pressing problem. Attackers make use of a variety of techniques to anonymize their traffic, in order to escape detection and prosecution. Despite much research on attack attribution, there has been little work on optimizing the number and placement of monitoring points for identifying the source of attacks with minimum ambiguity. This paper proposes such a method. The approach is based on the concept of graph separators. A separator partitions a network, such that the size of the separator is the number of monitors needed, and the size of a partition is the ambiguity in isolating the specific source of an attack. To achieve a desired degree of ambiguity, a good separator for the Internet is sought. Both vertex and edge separator heuristics are presented, which greedily select vertices of highest/lowest degree as monitors. The methods are evaluated for the Internet autonomous system (AS) topology. Experimental results show that the vertex separator heuristic requires just 5% of the ASes to be monitored to identify the source of an attack with little ambiguity. If only those links actually used for routing to a specific destination are considered, use of an edge separator requires 30% of the links to be monitored to achieve similar results. The results can be further improved if it is known that ASes have unequal probabilities of being the source of an attack.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
