Paper Abstract and Keywords |
Presentation |
2008-03-06 11:50
Identification Method of Attacking Source Using Traffic Flow in Backbone Networks Takeshi Kuwahara, Tsuyoshi Kondoh, Takeshi Yagi, Keisuke Ishibashi, Junichi Murayama (NTT) IN2007-169 |
Abstract |
(in Japanese) |
(See Japanese page) |
(in English) |
In this paper, we propose a novel identification method of attacking source using traffic flow information in backbone networks. The proposed method is based on the condition that ingress traffic flows from the edge routers (ERs) of a backbone are collected and monitored by the monitoring device which enables to detect anomalies of special-traffic patterns among the ERs. In the case of DDoS attack, traffic congestion to an egress ER will be detected and then the traffic flows collected from the corresponding ingress ERs are processed to identify the attacking flows and directions of source hosts. The proposed intra-ISP method would be applicable with little influence on the current ISP backbones comparing to existing method of tracing the attacking flow sequentially along with routing paths. By extending the above method designed for intra-ISP, we also propose an IP traceback method for inter-ISPs. |
Keyword |
(in Japanese) |
(See Japanese page) |
(in English) |
DDoS attack / traffic monitoring / attack source identification / traffic flow / / / / |
Reference Info. |
IEICE Tech. Rep., vol. 107, no. 525, IN2007-169, pp. 61-66, March 2008. |
Paper # |
IN2007-169 |
Date of Issue |
2008-02-28 (IN) |
ISSN |
Print edition: ISSN 0913-5685 Online edition: ISSN 2432-6380 |
Copyright and reproduction |
All rights are reserved and no part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission in writing from the publisher. Notwithstanding, instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. (License No.: 10GA0019/12GB0052/13GB0056/17GB0034/18GB0034) |
Download PDF |
IN2007-169 |
Conference Information |
Committee |
NS IN |
Conference Date |
2008-03-06 - 2008-03-07 |
Place (in Japanese) |
(See Japanese page) |
Place (in English) |
Bankoku Shinryokan |
Topics (in Japanese) |
(See Japanese page) |
Topics (in English) |
General issues |
Paper Information |
Registration To |
IN |
Conference Code |
2008-03-NS-IN |
Language |
Japanese |
Title (in Japanese) |
(See Japanese page) |
Sub Title (in Japanese) |
(See Japanese page) |
Title (in English) |
Identification Method of Attacking Source Using Traffic Flow in Backbone Networks |
Sub Title (in English) |
|
Keyword(1) |
DDoS attack |
Keyword(2) |
traffic monitoring |
Keyword(3) |
attack source identification |
Keyword(4) |
traffic flow |
Keyword(5) |
|
Keyword(6) |
|
Keyword(7) |
|
Keyword(8) |
|
1st Author's Name |
Takeshi Kuwahara |
1st Author's Affiliation |
Nippon Telegraph and Telephone Corporation (NTT) |
2nd Author's Name |
Tsuyoshi Kondoh |
2nd Author's Affiliation |
Nippon Telegraph and Telephone Corporation (NTT) |
3rd Author's Name |
Takeshi Yagi |
3rd Author's Affiliation |
Nippon Telegraph and Telephone Corporation (NTT) |
4th Author's Name |
Keisuke Ishibashi |
4th Author's Affiliation |
Nippon Telegraph and Telephone Corporation (NTT) |
5th Author's Name |
Junichi Murayama |
5th Author's Affiliation |
Nippon Telegraph and Telephone Corporation (NTT) |
6th Author's Name |
|
6th Author's Affiliation |
() |
7th Author's Name |
|
7th Author's Affiliation |
() |
8th Author's Name |
|
8th Author's Affiliation |
() |
9th Author's Name |
|
9th Author's Affiliation |
() |
10th Author's Name |
|
10th Author's Affiliation |
() |
11th Author's Name |
|
11th Author's Affiliation |
() |
12th Author's Name |
|
12th Author's Affiliation |
() |
13th Author's Name |
|
13th Author's Affiliation |
() |
14th Author's Name |
|
14th Author's Affiliation |
() |
15th Author's Name |
|
15th Author's Affiliation |
() |
16th Author's Name |
|
16th Author's Affiliation |
() |
17th Author's Name |
|
17th Author's Affiliation |
() |
18th Author's Name |
|
18th Author's Affiliation |
() |
19th Author's Name |
|
19th Author's Affiliation |
() |
20th Author's Name |
|
20th Author's Affiliation |
() |
Speaker |
Author-1 |
Date Time |
2008-03-06 11:50:00 |
Presentation Time |
20 minutes |
Registration for |
IN |
Paper # |
IN2007-169 |
Volume (vol) |
vol.107 |
Number (no) |
no.525 |
Page |
pp.61-66 |
#Pages |
6 |
Date of Issue |
2008-02-28 (IN) |
|