Title :
SPIE demonstration: single packet traceback
Author :
Strayer, W.T. ; Jones, Cathleen E. ; Snoeren, Alex C.
Author_Institution :
BBN Technol., Cambridge, MA, USA
Abstract :
SPIE, the Source Path Isolation Engine, is a DARPA-funded system for tracing single IP packets back through a network of instrumented routers or tap boxes that are associated with the routers. Historically, tracing individual packets by keeping packet logs at each router has required prohibitive amounts of memory; one of SPIE's key innovations is to reduce the memory requirement (down to 0.5% of link capacity) by storing only packet digests, that is, hashes of the packets rather than the packet itself. SPIE-enhanced routers maintain a cache of packet digests for recently forwarded traffic. If a packet is determined to be offensive by an intrusion detection system (or judged interesting by some other metric), a query is dispatched to the SPIE system that, in turn, queries routers for packet digests of the relevant time periods. The results of this query are used in a simulated reverse-path flooding algorithm to build a highly reliable and accurate attack graph that identifies the packet's source or sources.
Keywords :
security of data; telecommunication network routing; telecommunication security; SPIE; Source Path Isolation Engine; attack graph; cache; forwarded traffic; hashes; intrusion detection system; memory requirement; packet digests; query; routers; simulated reverse-path flooding algorithm; single IP packet traceback; tap boxes; Computer crime; Data structures; Dissolved gas analysis; Engines; Floods; History; Intrusion detection; Isolation technology; TCPIP; Technological innovation;
Conference_Title :
DARPA Information Survivability Conference and Exposition, 2003. Proceedings
Print_ISBN :
0-7695-1897-4
DOI :
10.1109/DISCEX.2003.1194937