TY - JOUR
T1 - Achieving Packet Traceback by Inferring AS-Level Topology Based on Cryptographic Path Identifiers
AU - Luo, Hongbin
AU - Li, Hongyi
AU - Zhang, Shan
AU - Mao, Yuxin
AU - Wang, Zhiyuan
N1 - Publisher Copyright:
© 2005-2012 IEEE.
PY - 2025
Y1 - 2025
AB - Although the Internet has become a huge system with more than 70000 autonomous systems (ASes) in the past decades, the lack of coherent security has left the Internet vulnerable to various cyber attacks (e.g., DDoS). There are many studies on tracing back malicious packets, aiming to figure out which ASes the attacker is in and which ASes the malicious packets traverse. However, it is hard to achieve per-packet traceback under the traditional TCP/IP architecture, since it is agnostic to the AS-level paths. In this paper, we focus on another clean-slate Internet architecture called path-aware networking (PAN). Typical PAN architectures include SCION, CoLoR, and LIPSIN. Under PAN architectures, the in-packet path identifiers (PIDs) enable us to infer the AS-level topology and then trace back each malicious packet accurately. Despite the powerful traceback capability, there is no study on this topology inference problem as far as we know. This is because PAN architectures adopt different path identification methods, thus the topology inference problems have different formulations. In this paper, we would like to take an initial step and investigate how to infer the AS-level topology under a specific PAN architecture CoLoR, which adopts cryptographic path identification. Specifically, an AS or an end-host acts as the observer and collects PID sequences in the packets traversing it. The observer then infers the AS-level topology based on the collected PID sequences. Extensive simulations show that the accuracy of our proposed topology inference method is greater than 95%. The inferred AS-level topology can be used to monitor network traffic, detect traffic anomaly and trace back attackers, thus is helpful for enhancing network security and mission-critical applications (e.g., blockchain).
KW - AS-level topology
KW - Packet traceback
KW - path identifiers
KW - path-aware networks
UR - https://www.scopus.com/pages/publications/105019602984
U2 - 10.1109/TIFS.2025.3622069
DO - 10.1109/TIFS.2025.3622069
M3 - Article
AN - SCOPUS:105019602984
SN - 1556-6013
VL - 20
SP - 11907
EP - 11921
JO - IEEE Transactions on Information Forensics and Security
JF - IEEE Transactions on Information Forensics and Security
ER -