• Journal of Industrial Technology
• /
• v.22 no.B
• /
• pp.147-153
• /
• 2002

It is very important to detect and remove original sources of DOS (Denial of Service) attacks or connection oriented/connectionless attacks. In this paper, we implement a traceback system that does not require the reaction of routers and administrators and does not need log data. We bring in a traceback server and traceback agents in each network and use sniffing and spoofing schemes. Finally, the traceback server detects attacking hosts using information transmitted from traceback agents.

• The KIPS Transactions:PartC
• /
• v.13C no.1 s.104
• /
• pp.11-18
• /
• 2006

In the field of network defense, a lot of researches are directed toward locating the source of network attacks. When an intruder launches attack not from their own computer but from intermediate hosts that they previously compromised, and these intermediate hosts are called stepping-stones. There we two kinds of traceback technologies : IP packet traceback and connection traceback. We focused on connection traceback in this paper This paper classifies process structures of detoured attack type in stepping stone, designs an algorithm for traceback agent, and implements the traceback system based on the agent

• 제어로봇시스템학회:학술대회논문집
• /
• 2003.10a
• /
• pp.2101-2105
• /
• 2003

Recently the number of Internet users has very sharply increased, and the number of intrusions has also increased very much. Consequently, security products are being developed and adapted to prevent systems and networks from being hacked and intruded. Even if security products are adapted, however, hackers can still attack a system and get a special authorization because the security products cannot prevent a system and network from every instance of hacking and intrusion. Therefore, the researchers have focused on an active hacking prevention method, and they have tried to develop a traceback system that can find the real location of an attacker. At present, however, because of the characteristics of Internet - diversity, anonymity - the real-time traceback is very difficult. To over-come this problem the Network-based Real-Time Connection Traceback System (NRCTS) was proposed. But there is a security problem that the victim system can be hacked during the traceback. So, in this paper, we propose modified NRCTS with connection redirection technique. We call this traceback system as Connection Redirected Network-based Real-Time Connection Traceback System (CR-NRCTS).

• Proceedings of the Korea Contents Association Conference
• /
• 2003.05a
• /
• pp.227-230
• /
• 2003

A system connected in Internet can be intruded by cracker via several systems. This paper proposes an efficient traceback model in order to trace a route of crackers. The traceback system is composed of a traceback server model and a traceback client model, As transmitting intrusion information from an area where client agent is installed to traceback server, the system distinguishes which systems are used as intrusion route. The traceback system can retrace intrusion route efficiently in an area where a traceback client is installed.

• Proceedings of the Korea Information Assurance Society Conference
• /
• 2004.05a
• /
• pp.233-239
• /
• 2004

In this paper, we describe a defense mechanism to cope with stepping stones attacks in high-speed networks. (Stepping stones Attacker launches attacks not from their own computer but from intermediary hosts that they previously compromised.) We aim at tracing origin hacker system, which attack target system via stepping stones. There are two kind of traceback technology ; IP packet traceback, or connection traceback. We are concerned with connection traceback in this paper. We propose a new host-based traceback. The purpose of this paper is that distinguish between origin hacker system and stepping stones by using process structure of OS(Operating System).

• Journal of Internet Computing and Services
• /
• v.6 no.1
• /
• pp.13-25
• /
• 2005

Distributed Denial-of-Service(DDoS) attack prevent users from accessing services on the target network by spoofing its origin source address with a large volume of traffic. The objective of IP Traceback is to determine the real attack sources, as well as the full path taken by the attack packets. Existing IP Traceback methods can be categorized as proactive or reactive tracing. Existing PPM based tracing scheme(such as router node appending, sampling and edge sampling) insert traceback information in IP packet header for IP Traceback. But, these schemes did not provide enhanced performance in DDoS attack. In this paper, we propose a 'TTL based advanced Packet Marking' mechanism for IP Traceback. Proposed mechanism can detect and control DDoS traffic on router and can generate marked packet for reconstructing origin DDoS attack source, by which we can diminish network overload and enhance traceback performance.

• Journal of Internet Computing and Services
• /
• v.5 no.1
• /
• pp.85-97
• /
• 2004

Distributed Denial-of-Service(DDoS) attack prevent users from accessing services on the target network by spoofing its origin source address with a large volume of traffic. The objective of IP Traceback is to determine the real attack sources, as well as the full path taken by the attack packets. Existing IP Traceback methods can be categorized as proactive or reactive tracing. Proactive tracing(such as packet marking and messaging) prepares information for tracing when packets are in transit. Reactive tracing starts tracing after an attack is detected. In this paper, we propose a "advanced ICMP Traceback" mechanism. which is based on the modified push back system. Proposed mechanism can detect and control DDoS traffic on router and can generate ICMP Traceback message for reconstructing origin attack source.ck source.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.4
• /
• pp.3-11
• /
• 2003

It is very important to detect and remove original sources of various attacks through networks. One of the effective method to detect the sources is traceback systems. In this paper, we design and implement an agent-based traceback system that does not require the reaction of routers and administrators and does not need numerous log data. In the design, we introduce a traceback server and traceback agents in each network Using sniffing and spoofing, the server transmits a packet with a specific message. The agents detect the packet and provide the information for the server to trace back the original source.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.3
• /
• pp.31-41
• /
• 2010

It is difficult to identify attacker's real location when the attacker spoofs IP address in current IPv4-based Internet environment. If the attacks such as DDoS happen in the Internet, we can hardly expect the protection scheme to respond to these attacks in active or real-time manner. Many traceback techniques have been proposed to protect against these attacks, but most traceback schemes were designed to work with the IPv4-based Internet and found to be lack of verification of whether the traceback related information is forged or not. Few traceback schemes for IPv6-based network environment have been suggested, but it has these disadvantages that needs more study. In this paper, we propose the reliable IP traceback scheme supporting integrity of traceback-related information in IPv6 network environment, simulate it, and compare our proposed scheme with exsisting traceback mechanisms in terms of overhead and functionality.

• Proceedings of the Korea Contents Association Conference
• /
• 2004.05a
• /
• pp.307-310
• /
• 2004

As computers and networks become popular, distributing information on the Internet is common in our daily life. Also, the explosion of the Internet, of wireless digital communication and data exchange on Internet has rapidly changed the way we connect with other people. But current firewall and IDS(Intrusion Detection System) of the network level suffers from many vulnerabilities in internal computing informations and resources. In this paper, we design of ICMP-based Traceback System using a ICMP Traceback Message for efficiently traceback without change structure of routers. ICMP-based Traceback System.