Identifying the Attack Source by IP Traceback

Abstract

The common attacks on the internet are denial of service and spoofing. Spoofing hides the identity of the attacker by modifying source IP address field and can cause the denial of service which makes the services unavailable to the legitimate users. Tracing the source of the attacking packet is very difficult because of stateless and destination based routing infrastructure of Internet. In this paper we propose a system which uses packet marking mechanisms along with Intrusion Prevention Systems for efficient IP traceback. The data mining techniques can be applied to the data collected from the packet marking scheme for detecting attack. The resultant database of knowledge can be further used by network Intrusion prevention systems for decision making. The data mining techniques are providing very efficient way for discovering useful knowledge from the available information. The combination of packet marking scheme, Intrusion prevention system and data mining can give us very effective results. © Springer-Verlag Berlin Heidelberg 2010.