ABSTRACT
Network-based attacks can be either persistent or sporadic. Persistent attack flows can be relatively easy to trace by mechanisms such as probabilistic packet marking, traffic logging, data mining, etc. Sporadic attacks are sometimes easily detected by the Intrusion Detection Systems (IDSs) at the victims, but are hard to trace back to the attack origins. We propose CAPTRA, a CoordinAted Packet TRAceback mechanism for wireless sensor networks (WSNs) that takes advantage of the broadcast nature of packet transmissions. By remembering packets in multi-dimensional Bloom filters distributed among overhearing sensors and later retrieving that information, CAPTRA identifies the path of the packet transfers using a series of REQUEST-VERDICT-CONFESS message exchanges between the forwarding and overhearing nodes. CAPTRA requires only a small memory footprint on the sensors because it uses Bloom filters, and allows sensors to refresh the Bloom filters asynchronously so that the network traffic is continuously monitored. CAPTRA is simulated using J-Sim, and a few key parameters are tuned for the best tracing performance.
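The idea of overhearing sensors remembering packets in Bloom filters and answering later traceback queries, as an added example that is not code from the paper. It is a simplified sketch: it uses one plain Bloom filter per node and a neighbor vote instead of the multi-dimensional filters and REQUEST-VERDICT-CONFESS messages, and the topology, packet, filter sizes and all names are constructed assumptions.

```python
import hashlib

class Bloom:
    """Plain Bloom filter held by one sensor (sizes are assumptions)."""
    def __init__(self, m=4096, k=4):
        self.m, self.k, self.bits = m, k, 0
    def _idx(self, item):
        for i in range(self.k):
            h = hashlib.sha256(bytes([i]) + item).digest()
            yield int.from_bytes(h[:8], "big") % self.m
    def add(self, item):
        for i in self._idx(item):
            self.bits |= 1 << i
    def __contains__(self, item):
        return all(self.bits >> i & 1 for i in self._idx(item))

def record(payload, sender, receiver):
    # What an overhearer remembers: packet digest plus the hop it heard.
    return hashlib.sha256(payload).digest() + f"{sender}>{receiver}".encode()

class Network:
    def __init__(self, links):
        self.nbrs = {}
        for a, b in links:
            self.nbrs.setdefault(a, set()).add(b)
            self.nbrs.setdefault(b, set()).add(a)
        self.seen = {n: Bloom() for n in self.nbrs}
    def send(self, payload, path):
        # Broadcast medium: every node in range of the sender overhears the hop.
        for s, r in zip(path, path[1:]):
            for n in self.nbrs[s]:
                self.seen[n].add(record(payload, s, r))
    def traceback(self, payload, victim):
        path, cur = [victim], victim
        while True:
            # Ask each candidate's radio neighbors whether they heard cand -> cur.
            votes = {c: sum(record(payload, c, cur) in self.seen[w]
                            for w in self.nbrs[c])
                     for c in sorted(self.nbrs[cur] - set(path))}
            best = max(votes, key=votes.get, default=None)
            if best is None or votes[best] == 0:
                return path[::-1]
            path.append(best)
            cur = best

# Constructed topology and packet; the source field inside the payload is forged.
LINKS = [("A","B"),("B","C"),("C","D"),("B","E"),("C","E"),("D","F"),("E","F")]
PACKET = b"src=F;dst=D;data=probe"

def demo():
    net = Network(LINKS)
    net.send(PACKET, ["A", "B", "C", "D"])
    net.seen["C"] = Bloom()          # C refreshed its filter since the packet
    return net.traceback(PACKET, "D")
```

`demo()` recovers the real forwarding path even though the payload claims node F as its source and one overhearer has already refreshed its filter, because other nodes in radio range still hold the record.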