Forum for Science, Industry and Business

Sponsored by:     3M 
Search our Site:

 

New marking process traces spammers, pirates and hackers

01.04.2004


Penn State researchers have proposed a new marking process for Internet messages to make it easier to trace the originators of spam, illegal copyrighted material or a virus attack.

The new marking scheme produced less than one percent false positives per 1000 attacking addresses in simulated distributed denial of service attacks and even fewer false positives and zero missed detections tracing addresses transferring copyrighted material in another simulation.

Marking messages via the Penn State approach involves no more loss of privacy than that of a postmark. Ihab Hamadeh, doctoral candidate in computer science and engineering, and Dr. George Kesidis, associate professor of electrical engineering and of computer science and engineering, developed the process.



"The technique offers internet access providers a real-time, cost-effective way to conduct forensics and improve security for the Internet," Kesidis says. "In addition, the approach will be demonstrably effective during an incremental deployment phase, thereby, creating incentives for broader deployment to satisfy the cyber security concerns of the Internet services industry and government regulators."

To defend against spam and viruses or to stop illegal file sharing, an organization must be able to identify the originator of the offending messages. However, spammers, pirates and hackers most often use incorrect, disguised or false addresses on their messages or data packets to deter trace back. Such spoofed addresses are illegal in the U.S. but so far, effective.

To overcome such spoofed source addresses, the Penn State researchers propose a strategy in which every message or data packet is marked with an identifying number by a border router. Border routers are peripheral stations that a packet passes through on its way onto the Internet.

Since every packet is forwarded onto the Internet and marked by only one trustworthy border router, spoofers would not be able to insert false marks on their packets to undermine trace back. The packets would always be traceable to a specific border router and could be stopped or investigated at that point.

While other researchers have proposed marking packets, the Penn State approach is the first to use border routers to mark packets. The marks are intended to occupy obsolete fields in the IP packet headers and are formed from the 32-bit IP addresses of the border router.

If the available obsolete field in the IP packet header is less than 32 bits long, the Penn Staters propose segmenting the border router’s IP address into several overlapping fragments that can fit. Each such fragment would be used as a possible mark by the router.

At the victim’s side, fragments from packets identified as malicious are pieced together to form the addresses of the border routers that marked and forwarded them. The overlapping fields allow the victim to correlate fragments from the same border router thereby reducing false positives.

The researchers have described their approach in two papers presented last year: "Packet Marking for Traceback of Illegal Content Distribution" and "Performance of IP Address Fragmentation Strategies for DDoS Traceback."

The University has filed an invention disclosure and is patenting the process. The research was supported, in part, by a Cisco Ltd University Research Project grant.

Barbara Hale | EurekAlert!
Further information:
http://www.psu.edu/

More articles from Communications Media:

nachricht New Technologies for A/V Analysis and Search
13.04.2017 | Fraunhofer-Institut für Digitale Medientechnologie IDMT

nachricht On patrol in social networks
25.01.2017 | Fraunhofer-Institut für Arbeitswirtschaft und Organisation IAO

All articles from Communications Media >>>

The most recent press releases about innovation >>>

Die letzten 5 Focus-News des innovations-reports im Überblick:

Im Focus: Making Waves

Computer scientists use wave packet theory to develop realistic, detailed water wave simulations in real time. Their results will be presented at this year’s SIGGRAPH conference.

Think about the last time you were at a lake, river, or the ocean. Remember the ripples of the water, the waves crashing against the rocks, the wake following...

Im Focus: Can we see monkeys from space? Emerging technologies to map biodiversity

An international team of scientists has proposed a new multi-disciplinary approach in which an array of new technologies will allow us to map biodiversity and the risks that wildlife is facing at the scale of whole landscapes. The findings are published in Nature Ecology and Evolution. This international research is led by the Kunming Institute of Zoology from China, University of East Anglia, University of Leicester and the Leibniz Institute for Zoo and Wildlife Research.

Using a combination of satellite and ground data, the team proposes that it is now possible to map biodiversity with an accuracy that has not been previously...

Im Focus: Climate satellite: Tracking methane with robust laser technology

Heatwaves in the Arctic, longer periods of vegetation in Europe, severe floods in West Africa – starting in 2021, scientists want to explore the emissions of the greenhouse gas methane with the German-French satellite MERLIN. This is made possible by a new robust laser system of the Fraunhofer Institute for Laser Technology ILT in Aachen, which achieves unprecedented measurement accuracy.

Methane is primarily the result of the decomposition of organic matter. The gas has a 25 times greater warming potential than carbon dioxide, but is not as...

Im Focus: How protons move through a fuel cell

Hydrogen is regarded as the energy source of the future: It is produced with solar power and can be used to generate heat and electricity in fuel cells. Empa researchers have now succeeded in decoding the movement of hydrogen ions in crystals – a key step towards more efficient energy conversion in the hydrogen industry of tomorrow.

As charge carriers, electrons and ions play the leading role in electrochemical energy storage devices and converters such as batteries and fuel cells. Proton...

Im Focus: A unique data centre for cosmological simulations

Scientists from the Excellence Cluster Universe at the Ludwig-Maximilians-Universität Munich have establised "Cosmowebportal", a unique data centre for cosmological simulations located at the Leibniz Supercomputing Centre (LRZ) of the Bavarian Academy of Sciences. The complete results of a series of large hydrodynamical cosmological simulations are available, with data volumes typically exceeding several hundred terabytes. Scientists worldwide can interactively explore these complex simulations via a web interface and directly access the results.

With current telescopes, scientists can observe our Universe’s galaxies and galaxy clusters and their distribution along an invisible cosmic web. From the...

All Focus news of the innovation-report >>>

Anzeige

Anzeige

Event News

Plants are networkers

19.06.2017 | Event News

Digital Survival Training for Executives

13.06.2017 | Event News

Global Learning Council Summit 2017

13.06.2017 | Event News

 
Latest News

Nanostructures taste the rainbow

29.06.2017 | Physics and Astronomy

New technique unveils 'matrix' inside tissues and tumors

29.06.2017 | Life Sciences

Cystic fibrosis alters the structure of mucus in airways

29.06.2017 | Health and Medicine

VideoLinks
B2B-VideoLinks
More VideoLinks >>>