Reconstruction of malicious internet flows

Omer Demir, Bilal Khan, Ala Al-Fuqaha

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Scopus citations

Abstract

We describe a general-purpose distributed system capable of traceback of malicious flow trajectories in the wide area despite possible source IP spoofing. Our system requires the placement of agents on a subset of the inter-autonomous system (AS) links of the Internet. Agents are instrumented with a uniform notion of attack criterion. Deployed, these agents implement a self-organizing, decentralized mechanism that is capable of reconstructing topological and temporal information about malicious flows. For example, when the attack criterion is taken to be based on excessive TCP connection establishment traffic to a destination, the system becomes a traceback service for distributed denial of service (DDoS) attacks. As another special case, when the attack criterion is taken to be based on malicious payload signature match as defined by an intrusion detection system (IDS), the agents provide a service for tracing malware propagation pathways. The main contribution of this paper is to demonstrate that the proposed system is effective at recovering malicious flow structure even at moderate levels of deployment in large networks, including within the present Internet topology.

Original language: English (US)
Title of host publication: IWCMC 2010 - Proceedings of the 6th International Wireless Communications and Mobile Computing Conference
Pages: 1182-1187
Number of pages: 6
DOIs: https://doi.org/10.1145/1815396.1815667
State: Published - 2010
Event: 6th International Wireless Communications and Mobile Computing Conference, IWCMC 2010 - Caen, France
Duration: Jun 28 2010 → Jul 2 2010

Publication series

Name: IWCMC 2010 - Proceedings of the 6th International Wireless Communications and Mobile Computing Conference

Other

Other: 6th International Wireless Communications and Mobile Computing Conference, IWCMC 2010
Country: France
City: Caen
Period: 6/28/10 → 7/2/10

Keywords

  • Distributed denial of service
  • Flow reconstruction

ASJC Scopus subject areas

  • Computational Theory and Mathematics
  • Computer Networks and Communications

  • Cite this

    Demir, O., Khan, B., & Al-Fuqaha, A. (2010). Reconstruction of malicious internet flows. In IWCMC 2010 - Proceedings of the 6th International Wireless Communications and Mobile Computing Conference (pp. 1182-1187). (IWCMC 2010 - Proceedings of the 6th International Wireless Communications and Mobile Computing Conference). https://doi.org/10.1145/1815396.1815667