| Presentation | 2008-03-06 Identification Method of Attacking Source Using Traffic Flow in Backbone Networks Takeshi KUWAHARA, Tsuyoshi KONDOH, Takeshi YAGI, Keisuke ISHIBASHI, Junichi MURAYAMA, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | In this paper, we propose a novel identification method of attacking source using traffic flow information in backbone networks. The proposed method is based on the condition that ingress traffic flows from the edge routers (ERs) of a backbone are collected and monitored by the monitoring device which enables to detect anomalies of special-traffic patterns among the ERs. In the case of DDoS attack, traffic congestion to an egress ER will be detected and then the traffic flows collected from the corresponding ingress ERs are processed to identify the attacking flows and directions of source hosts. The proposed intra-ISP method would be applicable with little influence on the current ISP backbones comparing to existing method of tracing the attacking flow sequentially along with routing paths. By extending the above method designed for intra-ISP, we also propose an IP traceback method for inter-ISPs. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | DDoS attack / traffic monitoring / attack source identification / traffic flow |
| Paper # | IN2007-169 |
| Date of Issue |
| Conference Information | |
| Committee | IN |
|---|---|
| Conference Date | 2008/2/28(1days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | |
| Chair | |
| Vice Chair | |
| Secretary | |
| Assistant | |
| Paper Information | |
| Registration To | Information Networks (IN) |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Identification Method of Attacking Source Using Traffic Flow in Backbone Networks |
| Sub Title (in English) | |
| Keyword(1) | DDoS attack |
| Keyword(2) | traffic monitoring |
| Keyword(3) | attack source identification |
| Keyword(4) | traffic flow |
| 1st Author's Name | Takeshi KUWAHARA |
| 1st Author's Affiliation | NTT Information Sharing Platform Laboratories, NTT Corporation() |
| 2nd Author's Name | Tsuyoshi KONDOH |
| 2nd Author's Affiliation | NTT Information Sharing Platform Laboratories, NTT Corporation |
| 3rd Author's Name | Takeshi YAGI |
| 3rd Author's Affiliation | NTT Information Sharing Platform Laboratories, NTT Corporation |
| 4th Author's Name | Keisuke ISHIBASHI |
| 4th Author's Affiliation | NTT Information Sharing Platform Laboratories, NTT Corporation |
| 5th Author's Name | Junichi MURAYAMA |
| 5th Author's Affiliation | NTT Information Sharing Platform Laboratories, NTT Corporation |
| Date | 2008-03-06 |
| Paper # | IN2007-169 |
| Volume (vol) | vol.107 |
| Number (no) | 525 |
| Page | pp.pp.- |
| #Pages | 6 |
| Date of Issue | |