GLOBECOM 2005 Tutorial

Monday, 28 November
Majestic Ballroom H / Level Two / Renaissance Grand Hotel

Title: TU02 Tracing Cyber Attacks

Duration: Half Day/9:00AM-12:00 Noon

Instructor: Nirwan Ansari, Ph.D., New Jersey Institute of Technology

Abstract:
Recent high-profile cyber attacks have caught much attention; they have also revealed the vulnerability of the existing information technology (IT) infrastructure. Developing technology to ensure connectivity of computer and information resources has become the utmost concern to facilitate various rapidly growing e-commerce applications. A number of approaches to security have been proposed, each attempting to mitigate a specific set of concerns. The specific threat that is the main focus of this tutorial is anonymous attacks. In anonymous attacks, the identity of the attacker(s) is not immediately available to the victim since the Source Address (SA) field in the attack packets is spoofed. (Distributed) Denial of Service ((D)DoS) attacks are anonymous attacks, which currently attract much attention since there is no obvious way to prevent them or to trace them.

Currently, there are several ways of tackling anonymous attacks, including source address filtering, SYN Flood Protection, and implementing a BlackHole Router server. The currently available methods for addressing anonymous attacks are not comprehensive. They either deal with a very limited set of the problems or are too expensive to implement and enforce. Prevention of all attacks on the Internet is far from reality. When prevention fails, a mechanism to identify the source(s) of the attack is needed to at least ensure accountability for these attacks. This is the motivation for designing IP Traceback schemes. This tutorial covers the state of the art of IP Traceback, including our recently proposed novel schemes, along with future research directions.

Motivation:
This is an in-depth study of one important aspect of network security: that of identifying the source of attack packets.