IEEE Access (Jan 2020)
Hybrid Multilayer Network Traceback to the Real Sources of Attack Devices
Abstract
With the advent of the Internet of Things (IoT) come major information security risks. Attackers can conceal their actual attack locations by spoofing IP addresses when attacking IoT devices, so law enforcement cannot easily track them. Therefore, a method to trace stealth attacks is required. Conventional IP traceback methods trace attackers only at the network layer and cannot infer the path information of a packet traversing a switch. This article proposes a method that simultaneously traces back attack sources at the network layer and the data link layer using only a single packet. Even if the core network contains a switch or if multiple attackers launch attacks from different locations, the method can correctly trace back the true devices responsible for the attacks, and it achieves a zero false negative rate and a low false positive rate.
Keywords