Large Scale Demonstration Experiments Towards Acheiving Practical Traceback on the Internet

Abstract

Recently, attacks involving source IP spoofing have become a critical issue for Internet security and operation from the viewpoint of ISP. Research and development into traceback systems that trace an end victim host to an end spoofing host via multiple ISPs is progressing. However, many difficult issues, including those that can't be resolved by IT technology alone, have prevented traceback systems from achieving widespread adoption. We had been researching issues of widespread traceback adoption since 2005, and resolved many challenges on a step-by-step basis. In 2006 we developed an operational model that provided a solution to the three cornered deadlock affecting traceback, which consisted of interrelated operational, legal and technical issues. In 2007 we constructed a three-layer traceback system. In 2008 we conducted a first of demonstration experiments with five ISPs, and found an efficient traceback deployment scenario applicable to Japan. In this paper, we introduce the results of large scale demonstration experiments conducted in 2009, and consider issues about system performance, operational efficiency, the management system’s validity, and system adaptability, all of which are necessary for our traceback system to achieve widespread adoption.