Flexible Deterministic Packet Marking: An IP Traceback System to Find the Real Source
#1

Flexible Deterministic Packet Marking: An IP Traceback System to Find the Real Source of Attacks--PARALLEL AND DISTRIBUTED SYSTEMS

Internet Protocol (IP) traceback is the enabling technology to control Internet crime. In this paper, we present a novel and practical IP traceback system called Flexible Deterministic Packet Marking (FDPM) which provides a defense system with the ability to find out the real sources of attacking packets that traverse through the network. While a number of other traceback schemes exist, FDPM provides innovative features to trace the source of IP packets and can obtain better tracing capability than others. In particular, FDPM adopts a flexible mark length strategy to make it compatible with different network environments; it also adaptively changes its marking rate according to the load of the participating router by a flexible flow-based marking scheme. Evaluations on both simulation and real system implementation demonstrate that FDPM requires a moderately small number of packets to complete the traceback process, adds little additional load to routers, and can trace a large number of sources in one traceback process with low false positive rates. The built-in overload prevention mechanism makes this system capable of achieving a satisfactory traceback result even when the router is heavily loaded. The motivation of this traceback system is from DDoS defense. It has been used to not only trace DDoS attacking packets but also enhance filtering attacking traffic. It has a wide array of applications for other security systems.

Technology to use: JAVA
Reply
#2

Flexible Deterministic Packet Marking
An IP Trace back System to Find the Real Source of Attacks
AIM:
Internet Protocol (IP) trace back is the enabling technology to control Internet crime.
About the project
We present a novel and practical IP trace back system called Flexible Deterministic Packet Marking (FDPM).

FDPM provides a defense system with the ability to find out the real sources of attacking packets that traverse through the network.

It also adaptively changes its marking rate according to the load of the participating router by a flexible flow-based marking scheme.

FDPM requires a moderately small number of packets to complete the trace back process.

FDPM can trace a large number of sources in one trace back process with low false positive rates.

The built-in overload prevention mechanism makes this system capable of achieving a good trace back result even when the router is heavily loaded.

System Analysis
EXISTING SYSTEM:

PPM algorithm: More importantly, without a proper termination condition, the attack graph constructed by the PPM algorithm would be wrong.


Disadvantages:

Cannot find out the packet travel path.
Packets can be lost and duplicate packets can be received at the receiver.
The receiver does not have the original packet because of the large number of duplicate messages received at the receiver.

PROPOSED SYSTEM:

FDPM Algorithm:

The FDPM algorithm provides an autonomous way for the original PPM algorithm to determine its termination.
The most significant merit of the FDPM algorithm is that when the algorithm terminates it guarantees that the constructed attack graph is correct, with a specified level of confidence.
 


We carry out simulations on the FDPM algorithm and show that the FDPM algorithm can guarantee the correctness of the constructed attack graph.

Advantages:
Different probabilities that a router marks the attack packets.
Easy to find out packet loss and Duplicate packets.
Find out each and every packet path.
To reduce the network traffic.

Hardware requirements:

Processor : Any Processor above 500 MHz.
RAM : 128Mb
Hard Disk : 10 Gb.
Input device : Standard Keyboard and Mouse.
Output device : Monitor (VGA and High Resolution)

Software requirements:

Operating System : Windows server 2000 family
Techniques : JDK 1.5
Front End : Java Swing.
Implementation : Socket in Java.


THANK YOU
Reply
#3
How to implement this project? Does anyone have code for it? Where can I download it?
Reply
#4
I am doing a project on this. If anyone is doing the same project, please help me.
ykreddy09[at]hotmail.com
Reply
#6
Flexible Deterministic Packet Marking:
An IP Traceback System to Find
The Real Source of Attacks

ABSTRACT
We present a novel and practical IP traceback system called Flexible Deterministic Packet Marking (FDPM) which provides a defense system with the ability to find out the real sources of attacking packets that traverse through the network. While a number of other traceback schemes exist, FDPM provides innovative features to trace the source of IP packets and can obtain better tracing capability than others. In particular, FDPM adopts a flexible mark length strategy to make it compatible with different network environments; it also adaptively changes its marking rate according to the load of the participating router by a flexible flow-based marking scheme. Evaluations on both simulation and real system implementation demonstrate that FDPM requires a moderately small number of packets to complete the traceback process, adds little additional load to routers, and can trace a large number of sources in one traceback process with low false positive rates. The built-in overload prevention mechanism makes this system capable of achieving a satisfactory traceback result even when the router is heavily loaded. The motivation of this traceback system is from DDoS defense. It has been used to not only trace DDoS attacking packets but also enhance filtering attacking traffic. It has a wide array of applications for other security systems.

SYSTEM ANALYSIS
EXISTING SYSTEM:
PPM algorithm:
More importantly, without a proper termination condition, the attack graph constructed by the PPM algorithm would be wrong.

Disadvantages:

Cannot find out the packet travel path.
Packets can be lost and duplicate packets can be received at the receiver.
The receiver does not have the original packet because of the large number of duplicate messages received at the receiver.

PROPOSED SYSTEM:

FDPM Algorithm:
The FDPM algorithm provides an autonomous way for the original PPM algorithm to determine its termination, and it is a promising means of enhancing the reliability of the PPM algorithm.
The most significant merit of the FDPM algorithm is that when the algorithm terminates, the algorithm guarantees that the constructed attack graph is correct, with a specified level of confidence.
We carry out simulations on the FDPM algorithm and show that the FDPM algorithm can guarantee the correctness of the constructed attack graph.

Advantages:

Different probabilities that a router marks the attack packets.
Easy to find out packet loss and Duplicate packets.
Find out each and every packet path.
To reduce the network traffic.

Reply
#7
Hi, I need implementation details. How many systems are needed? Is there any need for a router? Please give any details you know. Thanks in advance. -reg
Reply
#8
If anyone has the project, please send it to my mail ID.
gspr2[at]yahoo.co.in
Reply
#9
If a client sends the message "this topic is related to computer networks" from an IP address, for example 192.192.63.15, how does the router mark the packet using the FDPM algorithm? Which value should be taken for the marking length (19, 16 or 24)?
How can we measure the input rate in simulation, and which values should be taken for Lmax and Lmin, the maximum and minimum values for the load of the router?
Please send the explanation for the above questions to my mail ID.
Reply
#10
Flexible Deterministic Packet Marking
An IP Traceback System to Find Real Source of Attacks

MOTIVATION
- Internet crime has become a ubiquitous phenomenon with the wide usage of automated attack tools.
- Although a number of countermeasures have been proposed against Internet crime, it is still on the rise.
- It is very difficult to trace the sources of Internet crime, since the attackers can forge the address field in the IP protocol packet.
- DDoS attackers reduce the quality of the target Internet service.
- The motivation of this traceback system is from DDoS defense.
- It has been used to not only trace DDoS attacking packets but also enhance filtering attacking traffic.
- It has a wide array of applications for other security systems.

PROBLEM STATEMENT
- The main objective of the IP traceback problem is to identify the routers that are directly connected to the attackers with low false positive rates.
- Most existing traceback schemes consume expensive resources:
- CPU, bandwidth and memory disc storage.
- Require a large amount of IP packets to reconstruct sources.
- They cannot find out the packet travel path.
- The receiver receives duplicate packets, and sometimes packets may be lost.

STATE OF ART
- Probabilistic Packet Marking (PPM) is one stream of the packet marking methods.
- It uses the 16-bit fragment ID field in the IP header for encoding.
- It marks the packets with path information in a probabilistic manner.
- It enables the victim to reconstruct the attack path by using the marked packets.
- The advantage of PPM is that it is simple and can support incremental deployment.
- The disadvantages of PPM are:
- The path reconstruction process requires high computational work.
- It is not useful when there are a large number of attack sources, and the reconstruction path is useless because of high false positives.
- It cannot address the problem of the maximum number of sources in a single traceback process.
- The deterministic packet marking algorithm uses the 16-bit Packet ID field and the reserved 1-bit Flag in the IP header for marking.
- The packet is marked by the interface closest to the source of the packet on the edge ingress router.
- The advantages of DPM are that it is easy to implement and has low processing and no bandwidth overhead.

Disadvantages of DPM
- A limitation of DPM is that it can trace only 2008 sources in a single traceback scheme.
- Number of packets needed to trace one source and overload prevention on participating routers.

Introduction
- IP traceback systems provide a means to identify true sources of IP packets without relying on the source IP address field of the packet header.
- Flexible Deterministic Packet Marking (FDPM) provides a defense system.
- It has the ability to find out the real sources of attacking packets that traverse through the network.
- The FDPM algorithm provides a promising means of enhancing the reliability of the PPM algorithm.
- We carry out simulations on the FDPM algorithm and show that the FDPM algorithm can guarantee the correctness of the constructed attack graph.

Novel Characteristics of FDPM
- The novel characteristics of FDPM are in its flexibility:
- First, it can adjust the length of the marking field according to the network protocols deployed.
- Second, it can also adaptively change its marking rate according to the load of the participating router.
- These two novel characteristics of FDPM make it more practical than other current traceback systems in terms of compatibility and performance.
- It also prevents routers from overload problems.

Modules
- Module 1 - User login
- In this module the user login window, Message Transfer window, Receiving window, and Graph construction window are designed.
- Module 2 - Design of FDPM scheme
- It includes:
- Encoding Scheme
- Reconstruction Scheme
- Flow-based marking scheme
- Module 3 - Termination of DoS
- It includes an algorithm for the calculation of the termination packet number.

Module 1 Explanation
- Users can send or receive messages; for this they have to log in.
- After successful login the user gets the Message Transfer window; using this window one can type or browse the messages which have to be sent to other nodes.
- When a user receives a message, the receiver window automatically opens on the receiver side, and the DoS attacker packets are shown in an alert box if there are any.
- In this window there is a button option to see the graph of the way in which it is traversed.
- After reading the message, he closes the window and replies to that window through his own window.

Design of FDPM (Module 2) Explanation
- The FDPM scheme uses various bits in the IP header for marking.
- The mark has flexible lengths depending on the flexible length strategy.
- When an IP packet enters the protected network, it is marked by the interface close to the source of the IP packet on an edge ingress router.
- It can adaptively adjust its marking process to obtain a flexible marking rate and to prevent overload on the router.
- The source IP addresses are stored in the marking fields.
- This mark will not be overwritten by intermediate routers when the packet traverses the network.
- At any point within the network, source IP addresses can be reconstructed.

Utilization of IP header
- FDPM is based on IPv4.
- Three fields in the IP header are used for marking:
- Type of Service (TOS) field, Reserved Flag, Fragmentation ID.
- The TOS is an 8-bit field that indicates abstract parameters of quality of service.
- The TOS field is used to store the marks if the underlying protocol does not use the TOS.
- The length of the Fragment ID is 16 bits.
- The length of the Reserved Flag is 1 bit.
- The number of available bits to store mark information is 25 if the protected network allows overwriting on TOS.
- The Reserved Flag is not used for marking when the TOS field is partly or totally unavailable, and it is used as a control bit to indicate whether the TOS field is used or not.
- Each packet holding the mark will be used to reconstruct the source IP address at any point within the network.
- In order to keep track of IP packets used for reconstruction, a hash of the ingress address is included in the mark.

Encoding Scheme
- The mark length must be determined based on network protocols before the mark can be generated.
- The mark length could be 24 bits, 19 bits and 16 bits according to different situations.
- The ingress IP address is divided into k segments and stored in k IP packets.
- Padding is needed to divide the source address evenly into k parts.
- The segment number is needed to arrange the bits in the correct order.
- The digest is needed to enable the reconstruction process to recognize that packets are analyzed from the same source.
Reply
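
The encoding scheme outlined in post #10 (k address segments, padding, segment number, digest) together with the matching reconstruction step, as an added example that is not code from this thread or from the FDPM authors. The thread does not give the bit allocation inside a mark, so the split computed by `layout`, the use of SHA-256 as the digest hash, and all function names are assumptions made for illustration; the sample address is the one asked about in post #9.

```python
import hashlib
import ipaddress

def layout(mark_len, k):
    """Return (address bits, segment-number bits, digest bits) per mark."""
    a = -(-32 // k)                   # ceil(32 / k) address bits per segment
    s = max(1, (k - 1).bit_length())  # bits needed to number k segments
    d = mark_len - a - s              # the remainder carries the digest
    if d < 1:
        raise ValueError("mark too short for k segments")
    return a, s, d

def digest(addr, d):
    """d-bit digest of the ingress address (SHA-256 is a stand-in hash)."""
    h = hashlib.sha256(addr.to_bytes(4, "big")).digest()
    return int.from_bytes(h, "big") >> (256 - d)

def encode(ip, mark_len, k):
    """The k marks an ingress router cycles through for address `ip`."""
    a, s, d = layout(mark_len, k)
    addr = int(ipaddress.IPv4Address(ip))
    padded = addr << (a * k - 32)     # zero padding so k segments divide evenly
    dg = digest(addr, d)
    return [(dg << (s + a)) | (seg << a)
            | ((padded >> (a * (k - 1 - seg))) & ((1 << a) - 1))
            for seg in range(k)]

def reconstruct(marks, mark_len, k):
    """Rebuild ingress addresses from an unordered collection of marks."""
    a, s, d = layout(mark_len, k)
    table = {}                        # digest -> {segment number: address bits}
    for m in marks:
        seg = (m >> a) & ((1 << s) - 1)
        if seg < k:
            table.setdefault(m >> (s + a), {})[seg] = m & ((1 << a) - 1)
    found = set()
    for dg, segs in table.items():
        if len(segs) == k:            # all segments for this digest have arrived
            padded = 0
            for seg in range(k):
                padded = (padded << a) | segs[seg]
            addr = padded >> (a * k - 32)
            if digest(addr, d) == dg:  # drop collisions between sources
                found.add(str(ipaddress.IPv4Address(addr)))
    return found

if __name__ == "__main__":
    # Constructed input: the address asked about in the thread, marks reversed.
    print(reconstruct(encode("192.192.63.15", 16, 8)[::-1], 16, 8))
```

With a 16-bit mark and k = 8 this split gives 4 address bits, 3 segment-number bits and 9 digest bits; a source is reported only once all k of its segments have been seen and the rebuilt address hashes back to the digest carried in the marks.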
#11
Please can you upload source code also?
Can you please upload source code too?
Reply
#12
Can you please mail source code to srivalli_rukmini2007[at]yahoo.com
Reply
#13
How to do TTL-based packet marking in NS2?
Reply
