A Network Coding-Based Approach to Probabilistic Packet Marking

Traceback schemes aim at identifying the source(s) of a sequence of packets and the nodes these packets traversed. This is useful for tracing the sources of high-volume traffic, e.g., in Distributed Denial-of-Service (DDoS) attacks. In this paper, we are interested in Probabilistic Packet Marking (PPM) schemes, in which intermediate nodes probabilistically mark packets with information about their identity and the receiver uses information from several packets to reconstruct the paths traversed by these packets. The main idea of the paper is a network coding-based approach that marks packets with random linear combinations of the router ids instead of individual router ids. We show that this approach significantly decreases the number of packets required to reconstruct the attack paths. We also show that it is implementable in practice using a small number of under-utilized bits in the IP packet header; our proposed practical scheme optimizes the tradeoff in the bit-budget allocation, naturally raised by the network coding marking approach, and reconstructs the attack graph with low computational complexity, high accuracy and low delay. We also combine the network coding marking approach with adjusting the marking probabilities of different routers and show that this further improves the performance. Along the way, we accurately model the performance of both our proposed schemes and prior PPM schemes based on the coupon collector’s problem with unequal probabilities. We show the significant benefit of our proposed schemes through comparison to several baseline schemes, under the same bit-budget, and considering various attack topologies. The ideas of network coding-based marking and adjusted marking probabilities are orthogonal to and can be combined with several existing PPM schemes to improve the overall performance.
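The packet-count claim above can be illustrated with a small simulation, added here as an example and not taken from the paper. It assumes a single path of `d` routers, the same marking probability `p` in both schemes, coefficients drawn from the prime field GF(251), and a coefficient vector carried with each mark; the bit-budget constraint is ignored and all function names are hypothetical.

```python
import random

P = 251  # prime field size for coefficients (assumed; the page gives none)

def classic_ppm_packets(d, p, rng):
    """Packets needed until overwrite-style PPM has delivered all d router ids."""
    seen, packets = set(), 0
    while len(seen) < d:
        packets += 1
        mark = None
        for router in range(d):        # router 0 is farthest from the victim
            if rng.random() < p:
                mark = router          # a later router overwrites the mark
        if mark is not None:
            seen.add(mark)
    return packets

def add_to_basis(vec, basis):
    """Insert vec into an echelon basis over GF(P); True if the rank grew."""
    vec = list(vec)
    for pivot in sorted(basis):
        if vec[pivot]:
            factor = vec[pivot]
            vec = [(a - factor * b) % P for a, b in zip(vec, basis[pivot])]
    lead = next((i for i, a in enumerate(vec) if a), None)
    if lead is None:
        return False                   # linearly dependent: no new information
    inv = pow(vec[lead], -1, P)
    basis[lead] = [(a * inv) % P for a in vec]
    return True

def coded_ppm_packets(d, p, rng):
    """Packets needed until the received coefficient vectors reach rank d."""
    basis, packets = {}, 0
    while len(basis) < d:
        packets += 1
        # Each marking router adds coef * its id to the mark instead of
        # overwriting it, so one packet can carry information about many routers.
        coeffs = [rng.randrange(1, P) if rng.random() < p else 0 for _ in range(d)]
        add_to_basis(coeffs, basis)
    return packets

def compare(d=10, p=0.2, trials=200, seed=1):
    """Mean packets to reconstruct the path: (classic PPM, coded PPM)."""
    rng = random.Random(seed)
    classic = sum(classic_ppm_packets(d, p, rng) for _ in range(trials)) / trials
    coded = sum(coded_ppm_packets(d, p, rng) for _ in range(trials)) / trials
    return classic, coded

if __name__ == "__main__":
    print("mean packets (classic, coded): %.1f, %.1f" % compare())
```

Once the coefficient vectors reach rank `d`, the receiver can solve the linear system for the router ids. The classic scheme is slowed by the far routers, whose marks are most often overwritten, which is the coupon collector's problem with unequal probabilities that the abstract refers to.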
