• Title/Summary/Keyword: traceback agents

Search Result 4, Processing Time 0.016 seconds

Design and Implementation of a Traceback System based on a Traceback Agent (역추적 에이전트를 이용한 역추적 시스템 설계 및 구현)

  • Jeong, Jong-Min;Lee, Ji-Yul;Lee, Goo-Yeon
    • Journal of Industrial Technology
    • /
    • v.22 no.B
    • /
    • pp.147-153
    • /
    • 2002
  • It is very important to detect and remove original sources of DOS (Denial of Service) attacks or connection oriented/connectionless attacks. In this paper, we implement a traceback system that does not require the reaction of routers and administrators and does not need log data. We bring in a traceback server and traceback agents in each network and use sniffing and spoofing schemes. Finally, the traceback server detects attacking hosts using information transmitted from traceback agents.

  • PDF

Design and Implementation of a Traceback System based on Multi-Agents (다중 에이전트를 이용한 역추적 시스템 설계 및 구현)

  • 정종민;이지율;이구연
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.13 no.4
    • /
    • pp.3-11
    • /
    • 2003
  • It is very important to detect and remove original sources of various attacks through networks. One of the effective method to detect the sources is traceback systems. In this paper, we design and implement an agent-based traceback system that does not require the reaction of routers and administrators and does not need numerous log data. In the design, we introduce a traceback server and traceback agents in each network Using sniffing and spoofing, the server transmits a packet with a specific message. The agents detect the packet and provide the information for the server to trace back the original source.

An Attack Origin Traceback Mechanism using ICMP Message on Ad-hoc Network (Ad-hoc 네트워크에서 ICMP메시지를 이용한 공격 근원지 역추적 기법)

  • Jeong, Gi Seog
    • Convergence Security Journal
    • /
    • v.13 no.3
    • /
    • pp.47-54
    • /
    • 2013
  • Ad-hoc network is composed of mobile nodes and has a vulnerability of attack like on conventional wire networks. So, many studies have been conducted to apply the traceback mechanism on wire network to Ad-hoc network. In this paper, a new mechanism that can trace back to IP source of spoofing DDoS packet using iTrace message on Ad-hoc network is proposed. The proposed mechanism implements ICMP Traceback message and the traceback path between agents allocated in local network and a server located in management network. Also the proposed mechanism can trace the position of attacker even after an attack is over and has extendability through standardization by using a mechanism that IETF proposed. Result of performance evaluation shows a great improvement in terms of load, integrity, safety, traceback function as compared with conventional mechanisms.

DDoS Attack Tolerant Network using Hierarchical Overlay (계층적 오버레이를 이용한 DDoS 공격 감내 네트워크)

  • Kim, Mi-Hui;Chae, Ki-Joon
    • The KIPS Transactions:PartC
    • /
    • v.14C no.1 s.111
    • /
    • pp.45-54
    • /
    • 2007
  • As one of the most threatening attacks, DDoS attack makes distributed multiple agents consume some critical resources at the target within the short time, thus the extent and scope of damage is serious. Against the problems, the existing defenses focus on detection, traceback (identification), and filtering. Especially, in the hierarchical networks, the traffic congestion of a specific node could incur the normal traffic congestion of overall lower nodes, and also block the control traffic for notifying the attack detection and identifying the attack agents. In this paper, we introduce a DDoS attack tolerant network structure using a hierarchical overlay for hierarchical networks, which can convey the control traffic for defense such as the notification for attack detection and identification, and detour the normal traffic before getting rid of attack agents. Lastly, we analyze the overhead of overlay construction, the possibility of speedy detection notification, and the extent of normal traffic transmission in the attack case through simulation.