Forum for Science, Industry and Business

Sponsored by:     3M 
Search our Site:

 

New marking process traces spammers, pirates and hackers

01.04.2004


Penn State researchers have proposed a new marking process for Internet messages to make it easier to trace the originators of spam, illegal copyrighted material or a virus attack.

The new marking scheme produced less than one percent false positives per 1000 attacking addresses in simulated distributed denial of service attacks and even fewer false positives and zero missed detections tracing addresses transferring copyrighted material in another simulation.

Marking messages via the Penn State approach involves no more loss of privacy than that of a postmark. Ihab Hamadeh, doctoral candidate in computer science and engineering, and Dr. George Kesidis, associate professor of electrical engineering and of computer science and engineering, developed the process.



"The technique offers internet access providers a real-time, cost-effective way to conduct forensics and improve security for the Internet," Kesidis says. "In addition, the approach will be demonstrably effective during an incremental deployment phase, thereby, creating incentives for broader deployment to satisfy the cyber security concerns of the Internet services industry and government regulators."

To defend against spam and viruses or to stop illegal file sharing, an organization must be able to identify the originator of the offending messages. However, spammers, pirates and hackers most often use incorrect, disguised or false addresses on their messages or data packets to deter trace back. Such spoofed addresses are illegal in the U.S. but so far, effective.

To overcome such spoofed source addresses, the Penn State researchers propose a strategy in which every message or data packet is marked with an identifying number by a border router. Border routers are peripheral stations that a packet passes through on its way onto the Internet.

Since every packet is forwarded onto the Internet and marked by only one trustworthy border router, spoofers would not be able to insert false marks on their packets to undermine trace back. The packets would always be traceable to a specific border router and could be stopped or investigated at that point.

While other researchers have proposed marking packets, the Penn State approach is the first to use border routers to mark packets. The marks are intended to occupy obsolete fields in the IP packet headers and are formed from the 32-bit IP addresses of the border router.

If the available obsolete field in the IP packet header is less than 32 bits long, the Penn Staters propose segmenting the border router’s IP address into several overlapping fragments that can fit. Each such fragment would be used as a possible mark by the router.

At the victim’s side, fragments from packets identified as malicious are pieced together to form the addresses of the border routers that marked and forwarded them. The overlapping fields allow the victim to correlate fragments from the same border router thereby reducing false positives.

The researchers have described their approach in two papers presented last year: "Packet Marking for Traceback of Illegal Content Distribution" and "Performance of IP Address Fragmentation Strategies for DDoS Traceback."

The University has filed an invention disclosure and is patenting the process. The research was supported, in part, by a Cisco Ltd University Research Project grant.

Barbara Hale | EurekAlert!
Further information:
http://www.psu.edu/

More articles from Communications Media:

nachricht New Technologies for A/V Analysis and Search
13.04.2017 | Fraunhofer-Institut für Digitale Medientechnologie IDMT

nachricht On patrol in social networks
25.01.2017 | Fraunhofer-Institut für Arbeitswirtschaft und Organisation IAO

All articles from Communications Media >>>

The most recent press releases about innovation >>>

Die letzten 5 Focus-News des innovations-reports im Überblick:

Im Focus: Salmonella as a tumour medication

HZI researchers developed a bacterial strain that can be used in cancer therapy

Salmonellae are dangerous pathogens that enter the body via contaminated food and can cause severe infections. But these bacteria are also known to target...

Im Focus: Neutron star merger directly observed for the first time

University of Maryland researchers contribute to historic detection of gravitational waves and light created by event

On August 17, 2017, at 12:41:04 UTC, scientists made the first direct observation of a merger between two neutron stars--the dense, collapsed cores that remain...

Im Focus: Breaking: the first light from two neutron stars merging

Seven new papers describe the first-ever detection of light from a gravitational wave source. The event, caused by two neutron stars colliding and merging together, was dubbed GW170817 because it sent ripples through space-time that reached Earth on 2017 August 17. Around the world, hundreds of excited astronomers mobilized quickly and were able to observe the event using numerous telescopes, providing a wealth of new data.

Previous detections of gravitational waves have all involved the merger of two black holes, a feat that won the 2017 Nobel Prize in Physics earlier this month....

Im Focus: Smart sensors for efficient processes

Material defects in end products can quickly result in failures in many areas of industry, and have a massive impact on the safe use of their products. This is why, in the field of quality assurance, intelligent, nondestructive sensor systems play a key role. They allow testing components and parts in a rapid and cost-efficient manner without destroying the actual product or changing its surface. Experts from the Fraunhofer IZFP in Saarbrücken will be presenting two exhibits at the Blechexpo in Stuttgart from 7–10 November 2017 that allow fast, reliable, and automated characterization of materials and detection of defects (Hall 5, Booth 5306).

When quality testing uses time-consuming destructive test methods, it can result in enormous costs due to damaging or destroying the products. And given that...

Im Focus: Cold molecules on collision course

Using a new cooling technique MPQ scientists succeed at observing collisions in a dense beam of cold and slow dipolar molecules.

How do chemical reactions proceed at extremely low temperatures? The answer requires the investigation of molecular samples that are cold, dense, and slow at...

All Focus news of the innovation-report >>>

Anzeige

Anzeige

Event News

3rd Symposium on Driving Simulation

23.10.2017 | Event News

ASEAN Member States discuss the future role of renewable energy

17.10.2017 | Event News

World Health Summit 2017: International experts set the course for the future of Global Health

10.10.2017 | Event News

 
Latest News

Microfluidics probe 'cholesterol' of the oil industry

23.10.2017 | Life Sciences

Gamma rays will reach beyond the limits of light

23.10.2017 | Physics and Astronomy

The end of pneumonia? New vaccine offers hope

23.10.2017 | Health and Medicine

VideoLinks
B2B-VideoLinks
More VideoLinks >>>