IP Tracing and Active Network Response

Abstract: Active security is mainly concerned with performing one or more security functions when a host in a communication network is subject to an attack. Such security functions include appropriate actions against attackers. To properly afford active security actions a set of software subsystems should be integrated together so that they can automatically detect and appropriately address any vulnerability in the underlying network. This work presents integrated model for active security response model. The proposed model introduces Active Response Mechanism (ARM) for tracing anonymous attacks in the network back to their source. This work is motivated by the increased frequency and sophistication of denial-of-service attacks and by the difficulty in tracing packets with incorrect, or "spoofed", source addresses. This paper presents within the proposed model two tracing approaches based on: 1.Sleepy Watermark Tracing (SWT) for unauthorized access attacks. 2.Probabilistic Packet Marking (PPM) in the network for Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks. On the basis of the proposed model a cooperative network security tools such as firewall, intrusion detection system with IP tracing mechanism has been designed for taking a rapid active response against real IPs for attackers. The proposed model is able to detect network vulnerabilities, trace attack source IP and reconfigure the attacked subnetworks.