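% Conference paper (NPC 2012) proposing MIB-ITrace-CP: management information base (MIB) data
% embedded in iTrace messages to improve ICMP-based traceback of spoofed DoS/DDoS traffic.
% Normalised from the original export: the literal \{...\} around given names is removed
% (it typesets as visible braces), the DOI is stored bare, and title acronyms are
% brace-protected so sentence-casing styles keep their capitalisation.
@inproceedings{9759d9161ff248c38fcaa0cc495531fb,
  author    = {Cheng, Bo Chao and Liao, Guo Tan and Lin, Ching Kai and Hsu, Shih Chun and Hsu, Ping Hai and Park, Jong Hyuk},
  title     = {{MIB-ITrace-CP}: An improvement of {ICMP}-based traceback efficiency in network forensic analysis},
  booktitle = {Network and Parallel Computing -- 9th {IFIP} International Conference, {NPC} 2012, Proceedings},
  series    = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)},
  pages     = {101--109},
  year      = {2012},
  doi       = {10.1007/978-3-642-35606-3_12},
  isbn      = {9783642356056},
  language  = {English},
  keywords  = {DoS, Forensics, ITrace-CP, Spoofing, Traceback},
  abstract  = {A denial-of-service (DoS) / distributed-denial-of-service (DDoS) attack may result in rapid resource depletion along the attack path. For steppingstone and masquerading techniques typically used in DoS/DDoS attacks such as internet protocol (IP) or Media Access Control (MAC) address spoofing, tracing the intrusion back to the true attacker becomes a challenging task for network security engineers. Although the Internet Engineer Task Force (IETF) has proposed an Internet Control Message Protocol (ICMP) based Traceback solution, it faces severe difficulties in practice in regard to justifying the interoperability of deployed routers as well as the correctness of Traceback with multiple attack paths. This research proposes a novel approach to embed the essence of a management information base (MIB) into iTrace messages, named MIB-ITrace-CP, in order to improve the accuracy and efficiency of the original ICMP-based Traceback. Through our implementations on a Testbed@TWISC platform, we validated our approach and demonstrated the feasibility of practical network forensics.},
  note      = {9th IFIP International Conference on Network and Parallel Computing, NPC 2012 ; Conference date: 06-09-2012 Through 08-09-2012},
}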