IP Traceback for Flooding attacks on Internet Threat Monitors (ITM) Using Honeypots
K. Munivara Prasad, A. Rama Mohan Reddy, V. Jyothsna

TL;DR
This paper presents a novel IP traceback method using honeypots to effectively identify sources of DDoS flooding attacks on Internet Threat Monitors, enhancing attack mitigation strategies.
Contribution
It introduces an information-theoretic framework and a single-packet honeypot-based traceback technique for DDoS attack source identification.
Findings
Honeypot-based traceback is more efficient than packet marking.
The proposed method effectively identifies attack sources.
The framework models botnet-driven flooding attacks.
Abstract
Internet Threat Monitoring (ITM) is an efficient monitoring system used globally to measure, detect, characterize and track threats such as denial of service (DoS) and distributed denial of service (DDoS) attacks and worms. To block monitoring on the Internet, attackers target the ITM system. In this paper we address DDoS flooding attacks against ITM monitors, which exhaust network resources such as bandwidth, computing power, or operating system data structures by sending malicious traffic. We propose an information-theoretic framework that models flooding attacks on ITM using botnets. One possible way to counter DDoS attacks is to trace the attack sources and punish the perpetrators. We propose a novel traceback method for DDoS using honeypots. IP tracing through honeypots is a single-packet tracing method and is more efficient than commonly…
