Title: Multilayer collaborative traceback technique based on net-flow fingerprint

Authors: Cheng Lei; HongQi Zhang; Yi Sun; XueHui Du; XueDong Jia

Addresses: Zhengzhou Information Science and Technology Institute, Zhengzhou, Henan Province 450001, China; Henan Provincial Key Laboratory of Information Security, Zhengzhou, Henan Province 450001, China ' Zhengzhou Information Science and Technology Institute, Zhengzhou, Henan Province 450001, China; Henan Provincial Key Laboratory of Information Security, Zhengzhou, Henan Province 450001, China ' Zhengzhou Information Science and Technology Institute, Zhengzhou, Henan Province 450001, China ' Zhengzhou Information Science and Technology Institute, Zhengzhou, Henan Province 450001, China ' Zhengzhou Information Science and Technology Institute, Zhengzhou, Henan Province 450001, China; Henan Provincial Key Laboratory of Information Security, Zhengzhou, Henan Province 450001, China

Abstract: Aimed at loop fallacy, indeterminate serialisation of suspicious nodes and local overload problems of suspicious information source traceback in net-flow exchange, this paper proposes a multilayer collaborative traceback technique based on net-flow fingerprint. The traceback is divided into controllable inter-AS layer, intra-AS routing layer and controllable subnet layer. Based on the characteristics of each layer, it achieves efficient suspicious path extraction in controllable inter-AS layer by BGP protocol properties. In intra-AS routing layer, it solves loop fallacy by directed graph transformation and indeterminate serialisation of suspicious nodes by local time relationship approach. In controllable subnet layer, it achieves precise location by using forwarding tables. What is more, by proposing multilayer collaborative approach, it improves the efficiency of suspicious path extraction and reduces local overload of traceback servers without compromising the accuracy of traceback. Finally, the correctness and computational complexity of NFCMT are proved, and the feasibility and correctness of this scheme are discussed by experiments.

Keywords: net-flow exchange; multilayer collaboration; suspicious path extraction; controllable inter-AS layer; intra-AS routing layer; controllable subnet layer; multilayer collaborative traceback; net-flow fingerprint; loop fallacy; suspicious nodes; local overload; suspicious information; security.

DOI: 10.1504/IJES.2016.073746

International Journal of Embedded Systems, 2016 Vol.8 No.1, pp.1 - 11

Available online: 17 Dec 2015 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article