To effectively counter DDoS attacks launched by bot herders, Web defenders have developed several approaches for detecting and tracing back the command and control (C&C) server of a botnet. Yet the available botnet detection schemes assume that all of the ISPs cooperate in providing the routing information required to reconstruct the attack path. In most practical cases this assumption cannot be guaranteed. Accordingly, the present study proposes a new approach to the IP traceback problem in botnets based on the ant colony optimization (ACO) algorithm. In the proposed approach, ant-inspired collective intelligence is used to predict the most probable attack path from a consideration of both the support degree and the confidence degree. The model is validated using NS2 (Network Simulator, version 2) compiled with a dark IP map to simulate spoofed IP attack scenarios. Finally, the robustness of the proposed scheme against spoofed IP attacks is investigated. Overall, the results confirm that the proposed method provides an effective means of reconstructing the path between the attacker and the victim in the absence of full routing information.
International Journal on Advances in Information Sciences and Service Sciences, 3(2), 46-59
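The following is an added illustration, not code from the paper, of how an ant-colony search can reconstruct an attack path hop by hop from the victim back toward a candidate source when one ISP on the path exports no routing data. The router topology, the per-link "support" and "confidence" values, the way they are combined into a heuristic (their product), the floor value used for links with no exported metrics, and the ACO parameters (ants, iterations, alpha, beta, rho, q) are all constructed assumptions for this example; the paper's own definitions of support degree and confidence degree are not reproduced on the page.

```python
"""Ant-colony IP traceback over a constructed router graph (added example, not the paper's code)."""
import random

# Constructed topology. For each node, list the upstream links over which attack
# traffic could have reached it, with two per-link metrics that this example ASSUMES:
#   support    - fraction of sampled attack packets observed on that link
#   confidence - fraction of the downstream node's attack traffic arriving over it
# None means the link belongs to a non-cooperating ISP that exported no metrics.
UPSTREAM = {
    "V":  [("R3", 0.90, 0.95), ("R4", 0.15, 0.30)],  # victim's two ingress links
    "R3": [("R1", None, None), ("R2", None, None)],  # non-cooperating ISP hop
    "R4": [("R2", 0.10, 0.50)],
    "R1": [("A", 0.80, 0.95)],
    "R2": [("S", 0.10, 0.40)],
    "A":  [],  # candidate attack source
    "S":  [],  # candidate source on the decoy / spoofed-looking branch
}
UNKNOWN_ETA = 0.05  # assumed floor heuristic for links with no exported metrics


def heuristic(support, confidence):
    """Per-link desirability: product of support and confidence, or a floor if unknown."""
    if support is None or confidence is None:
        return UNKNOWN_ETA
    return support * confidence


def aco_traceback(upstream, victim, ants=20, iterations=30,
                  alpha=1.0, beta=2.0, rho=0.3, q=1.0, seed=7):
    """Return (most probable path victim->source, final pheromone table)."""
    rng = random.Random(seed)  # seeded so the run is reproducible
    edges = [(node, prev, s, c) for node, links in upstream.items() for prev, s, c in links]
    tau = {(node, prev): 1.0 for node, prev, _, _ in edges}          # pheromone
    eta = {(node, prev): heuristic(s, c) for node, prev, s, c in edges}  # heuristic

    def walk():
        """One ant walks upstream from the victim until it reaches a source node."""
        path, score, node = [victim], 1.0, victim
        while upstream[node]:
            choices = [p for p, _, _ in upstream[node]]
            weights = [tau[(node, p)] ** alpha * eta[(node, p)] ** beta for p in choices]
            nxt = rng.choices(choices, weights=weights)[0]
            score *= eta[(node, nxt)]  # path quality = product of link heuristics
            path.append(nxt)
            node = nxt
        return path, score

    for _ in range(iterations):
        walks = [walk() for _ in range(ants)]
        for edge in tau:               # evaporation
            tau[edge] *= (1.0 - rho)
        for path, score in walks:      # deposit proportional to whole-path quality,
            for node, prev in zip(path, path[1:]):  # so hops with no metrics still get
                tau[(node, prev)] += q * score      # reinforced via the rest of the path

    # Reconstruct the path by following the strongest pheromone trail from the victim.
    path, node = [victim], victim
    while upstream[node]:
        here = node
        node = max((p for p, _, _ in upstream[here]), key=lambda p: tau[(here, p)])
        path.append(node)
    return path, tau


if __name__ == "__main__":
    best_path, pheromone = aco_traceback(UPSTREAM, "V")
    print("reconstructed path:", " <- ".join(best_path))
    for (node, prev), value in sorted(pheromone.items()):
        print(f"  {node:>2} <- {prev:>2}: tau={value:.3f}")
```

The point the example makes is in the deposit step: because each ant reinforces every link of its path in proportion to the quality of the whole path, the two links at the non-cooperating hop R3 (which start with identical floor heuristics) are separated by the evidence gathered on the links before and after it, so the trail still converges on V, R3, R1, A without R3's ISP contributing any routing information.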