Hybrid Multilayer Network Traceback to the Real Sources of Attack Devices

Bibliographic Details
Published in IEEE Access Vol. 8; pp. 201087 - 201097
Main Authors Yang, Ming-Hour, Luo, Jia-Ning, Vijayalakshmi, M., Shalinie, S. Mercy
Format Journal Article
Language English
Published Piscataway IEEE 2020
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Summary: With the advent of the Internet of Things (IoT), there are also major information security risks hidden behind it. Attackers can conceal their actual attack locations by spoofing IP addresses to attack IoT devices, and law enforcement cannot easily track them. Therefore, a method to trace stealth attacks is required. Conventional IP traceback methods trace back only attackers on the network layer and cannot infer the path information of a packet traversing the switch. This article proposes a method to simultaneously trace back attack sources at the network layer and the data link layer with only a single packet. Even if the core network contains a switch or if multiple attackers launch attacks from different locations, the method can correctly trace back the true devices responsible for the attacks, and its achievements include a zero false negative rate and a low false positive rate.
ISSN: 2169-3536
DOI: 10.1109/ACCESS.2020.3034226