Securing the Internet and its services is recognized as one of the most challenging research problems. Amongst the threats imposed on the Internet, Distributed Denial of Service (DDoS) attack has occurred recurrently with a severe impact on the economy of the organization. Regardless of the fact that security experts propose plentiful stupendous solutions to mitigate DDoS attack, it has continued to prevail over a decade. This convolutes the forensic inspection and countermeasures against DDoS offensive. Identifying the origin of the attack is an important and essential step towards deterrence and countermeasures against these attacks. However, they either require huge storage at the routers or require numerous packets to traceback the attack path. Further, most of the marking based traceback schemes are not backward compatible. This proposed system focuses on scrutinize these issues and proposes a feasible solution to identify the origin of Direct Distributed DDoS attack. Backward compatible Single Packet ICMP Traceback scheme using Router Interface (SPITRI) is proposed. It also uses an out-of-band ICMP message to track the attack path. It identifies the origin of an attack packet with a single ICMP message whereas the existing ICMP based traceback scheme requires more number of ICMP packets. Subsequently, SPITRI has undoubtedly reduced the bandwidth overhead provoke by the existing ICMP based traceback scheme. It traces back the attacker with minimal computation overhead and negligible storage at the routers. According to CAIDA dataset, SPITRI tracebacks 13000 attackers with an accuracy of 95.98%.

Spoofing; Trace back; Client-Server Authentication; IP forging, Distributed Denial of Service, Single Packet ICMP Traceback scheme using Router Interface

[1] FORBES 2014, The Largest Cyber Attack in History has been Hitting Hong Kong Site, NEW JERSEY.
[2] Hussain, A, Heidemann, J & Papadopoulos, C 2003, „A framework for classifying denial of service attacks‟, Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, ed. Anja, ACM, Karlsruhe, pp. 99-110.
[3] S. Vincent and J. Raja, “A Survey of IP Traceback Mechanisms to overcome Denial-of-Service Attacks,” in Proc. networking, VLSI and signal processing (ICNVS), 2010.
[4] A. Belenky and N. Ansari, “IP Traceback With Deterministic Packet Marking,” in Proc. IEEE Communications Letters, 2003.
[5] R. Stone, “CenterTrack: An IP Overlay Network for Tracking DoS Floods,” in Proc. USENIX Security Symposium (SSYM), 2000.
[6] H. Burch, “Tracing Anonymous Packets to Their Approximate Source,” in Proc. 14th Systems Administration Conference (LISA), 2000.
[7] A. Snoeren, C. Partridge, L. Sanchez, C. Jones, F. Tchakountio, B. Schwartz, and S. Kent, “Single-Packet IP Traceback,” in Proc. IEEE Transactions on Networking, 2002.
[8] A. Izaddoost, M. Othman, and M. Rasid, “Accurate ICMP Traceback Model Under DoS/DDoS Attack,” in Proc. Advanced Computing and Communications (ADCOM), 2007.
[9] Z. Khan, N. Akram, K. Alghathbarl, M. She, and R. Mehmoodl, “Secure Single Packet IP Traceback Mechanism to Identify the Source,” in Proc. IEEE Internet Technology and Secured Transactions (ICITST), 2010.
[10] B. Stelte, “ISP Traceback - Attack Path Detection,” in Proc. IEEE Communications and Network Securit, 2013.
[11] C. Gong and K. Sarac, “A More Practical Approach for Single-Packet IP Traceback Using Packet Logging and Marking,” in Proc. IEEE Transactions on Parallel and Distributed Systems, 2008
[12] Belenky, A & Ansari, N 2003, „IP Traceback with deterministic packet marking‟, IEEE Communication Letters, Vol. 7, no. 4, pp. 162-164.