TY - JOUR
T1 - An improved ant colony system algorithm for solving the IP traceback problem
AU - Wang, Ping
AU - Lin, Hui Tang
AU - Wang, Tzy Shiah
N1 - Funding Information:
This work was supported jointly by TWISC@ NCKU and the National Science Council of Taiwan under Grant Nos. MOST 103-2632-E-168-001 and MOST 103-2627-E-168-001 .
Publisher Copyright:
© 2015 Elsevier Inc. All rights reserved.
Copyright:
Copyright 2015 Elsevier B.V., All rights reserved.
PY - 2016/1/1
Y1 - 2016/1/1
N2 - The difficulty in identifying the origin of an attack over the Internet is termed the IP traceback (IPTBK) problem. The probable origin of an attack is commonly investigated using some form of ant colony system (ACS) algorithms. However, such algorithms tend to converge to a local suboptimal solution, meaning that the perpetrator of the attack cannot be found. Therefore, the present study proposes a modified ACS scheme (denoted as ACS-IPTBK) that can identify the true attack path even without the entire network routing information. The ability of the ants to search all feasible attack paths was enhanced using a global heuristic mechanism in which the ant colony was partitioned into multiple subgroups, with each subgroup having its own pheromone updating rule. The performance of the ACS-IPTBK algorithm in reconstructing the attack path was investigated through a series of ns2 simulations by using network topologies generated by the Waxman model. The simulations focused specifically on the effects of the ACS model parameters and network characteristics on the performance of the ACS-IPTBK scheme in converging towards the true attack path. Finally, the robustness of the proposed scheme against spoofed IP attacks was investigated. The results showed that the proposed scheme has a slightly slower convergence speed than does the conventional ACS algorithm, but yields a more globally optimal solution for the attack path, particularly in large-scale network topologies.
AB - The difficulty in identifying the origin of an attack over the Internet is termed the IP traceback (IPTBK) problem. The probable origin of an attack is commonly investigated using some form of ant colony system (ACS) algorithms. However, such algorithms tend to converge to a local suboptimal solution, meaning that the perpetrator of the attack cannot be found. Therefore, the present study proposes a modified ACS scheme (denoted as ACS-IPTBK) that can identify the true attack path even without the entire network routing information. The ability of the ants to search all feasible attack paths was enhanced using a global heuristic mechanism in which the ant colony was partitioned into multiple subgroups, with each subgroup having its own pheromone updating rule. The performance of the ACS-IPTBK algorithm in reconstructing the attack path was investigated through a series of ns2 simulations by using network topologies generated by the Waxman model. The simulations focused specifically on the effects of the ACS model parameters and network characteristics on the performance of the ACS-IPTBK scheme in converging towards the true attack path. Finally, the robustness of the proposed scheme against spoofed IP attacks was investigated. The results showed that the proposed scheme has a slightly slower convergence speed than does the conventional ACS algorithm, but yields a more globally optimal solution for the attack path, particularly in large-scale network topologies.
UR - http://www.scopus.com/inward/record.url?scp=84943800149&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84943800149&partnerID=8YFLogxK
U2 - 10.1016/j.ins.2015.07.006
DO - 10.1016/j.ins.2015.07.006
M3 - Article
AN - SCOPUS:84943800149
SN - 0020-0255
VL - 326
SP - 172
EP - 187
JO - Information sciences
JF - Information sciences
ER -