Still Life

Firefighters battled a controlled blaze on the tarmac at Penn State's University Park Airport on May 23 during a full-scale emergency exercise. The exercise was designed to provide real-time training and recertification for emergency response personnel from around the Centre Region.

University Park Airport Emergency Response Exercise

A moment of levity: Penn State Lehigh Valley graduates celebrated with the Nittany Lion after commencement ceremonies, held May 5 at Stabler Arena in Bethlehem, Pa.

Commencement across Penn State: Spring 2012

New graduates of Penn State's Eberly College of Science listened to the commencement address provided by United States Secretary of Energy Steven Chu during spring 2012 graduation ceremonies held May 5 at the Bryce Jordan Center on the University Park campus.

Spring commencement 2012 under way

A Moroccan farmer taught Penn State students about the properties of vetiver grass, including its ability to clean wastewater. The grass could be used as part of a solution to water-quality problems being experienced in Assoul, Morocco, where students spent time recently.

Penn State, Moroccan students problem-solve together

Anjelica Fortunato, left, and Jeffrey Lu reviewed for their Anatomy 129 final exam on May 1 on the HUB-Robeson Center Lawn on Penn State's University Park campus. Penn State students are preparing for and taking final exams throughout the week as spring semester 2012 comes to a close.

Finals Week Spring Semester 2012

Featured Video

Painting the Lines at Beaver Stadium

Painting the Lines at Beaver Stadium

Did They Get It Right? - RedTails

Did They Get It Right? - RedTails

Iconic Penn State elm taken down over spring break 2012

Iconic Penn State elm taken down over spring break 2012

We ... are Penn State (December 19, 2011)

We ... are Penn State (December 19, 2011)

Disease stricken matching elm tree slated for removal

Disease stricken matching elm tree slated for removal

Penn State's creamery, from the cow to the cone

Penn State's creamery, from the cow to the cone

Updates:
Penn State Promise

Board of Trustees launches new website

Faculty Senate recaps 2011-12 activity for Board of Trustees

Frazier provides update on Special Investigations Task Force

Board of Trustees meeting to be streamed live

Penn State donates more than $2.6 million to abuse prevention efforts

New marking process traces spammers, pirates and hackers

Wednesday, March 31, 2004

University Park, Pa. -- Penn State researchers have proposed a new marking process for Internet messages to make it easier to trace the originators of spam, illegal copyrighted material or a virus attack.

The new marking scheme produced less than one percent false positives per 1,000 attacking addresses in simulated distributed denial of service attacks and even fewer false positives and zero missed detections tracing addresses transferring copyrighted material in another simulation.

Marking messages via the Penn State approach involves no more loss of privacy than that of a postmark. Ihab Hamadeh, doctoral candidate in computer science and engineering, and George Kesidis, associate professor of electrical engineering and of computer science and engineering, developed the process.

"The technique offers internet access providers a real-time, cost-effective way to conduct forensics and improve security for the Internet," Kesidis says. "In addition, the approach will be demonstrably effective during an incremental deployment phase, thereby, creating incentives for broader deployment to satisfy the cyber security concerns of the Internet services industry and government regulators."

To defend against spam and viruses or to stop illegal file sharing, an organization must be able to identify the originator of the offending messages. However, spammers, pirates and hackers most often use incorrect, disguised or false addresses on their messages or data packets to deter trace back. Such spoofed addresses are illegal in the U.S. but so far, effective.

To overcome such spoofed source addresses, the Penn State researchers propose a strategy in which every message or data packet is marked with an identifying number by a border router. Border routers are peripheral stations that a packet passes through on its way onto the Internet.

Since every packet is forwarded onto the Internet and marked by only one trustworthy border router, spoofers would not be able to insert false marks on their packets to undermine trace back. The packets would always be traceable to a specific border router and could be stopped or investigated at that point.

While other researchers have proposed marking packets, the Penn State approach is the first to use border routers to mark packets. The marks are intended to occupy obsolete fields in the IP packet headers and are formed from the 32-bit IP addresses of the border router.

If the available obsolete field in the IP packet header is less than 32 bits long, the Penn Staters propose segmenting the border router's IP address into several overlapping fragments that can fit. Each such fragment would be used as a possible mark by the router.

At the victim's side, fragments from packets identified as malicious are pieced together to form the addresses of the border routers that marked and forwarded them. The overlapping fields allow the victim to correlate fragments from the same border router thereby reducing false positives.

The researchers have described their approach in two papers presented last year: "Packet Marking for Traceback of Illegal Content Distribution" and "Performance of IP Address Fragmentation Strategies for DDoS Traceback."

The University has filed an invention disclosure and is patenting the process. The research was supported, in part, by a Cisco Ltd. University Research Project grant.