TY - GEN
T1 - A revised ant colony optimization scheme for discovering attack paths of botnet
AU - Wang, Ping
AU - Lin, Hui Tang
AU - Wang, Tzy Shiah
PY - 2011/12/1
Y1 - 2011/12/1
N2 - The IP traceback technique is an effective method for finding either the attack origin or the command-and-control (C&C) server on the Internet. Traditional ACO (ant colony optimization) easily converges to a local minimum, so the global optimum may be missed in the final solution. Accordingly, the present study proposes a modified ACS (ant colony system) scheme, designated ACS-IPTBK, to solve the IP traceback problem and to predict both the most probable attack path and the computational resources needed in botnets. The ability of the ants to search all feasible attack paths is enhanced by means of a global heuristic. A series of ns2 simulations is performed to investigate the minimum resources required to successfully reconstruct the attack path. The convergence time for attack paths of different routing distances was investigated using a random graph generator based on Waxman's scheme. Overall, the results confirm that the proposed method provides an effective means of reconstructing the path between the attacker and the victim based on the incomplete routing information from the related ISPs.
UR - http://www.scopus.com/inward/record.url?scp=84863017231&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84863017231&partnerID=8YFLogxK
U2 - 10.1109/ICPADS.2011.11
DO - 10.1109/ICPADS.2011.11
M3 - Conference contribution
AN - SCOPUS:84863017231
SN - 9780769545769
T3 - Proceedings of the International Conference on Parallel and Distributed Systems - ICPADS
SP - 918
EP - 923
BT - Proceedings - 2011 17th IEEE International Conference on Parallel and Distributed Systems, ICPADS 2011
T2 - 2011 17th IEEE International Conference on Parallel and Distributed Systems, ICPADS 2011
Y2 - 7 December 2011 through 9 December 2011
ER -