Towards Improving an Algebraic Marking Scheme for Tracing DDoS Attacks

Distributed Denial of Service (DDoS) attacks can be considered one of the most serious security problems on the Internet today. To locate the sources of the attack packets, we usually need to find the paths that the attack packets traversed from the sources to the victim. In this paper, we identify the weaknesses of an existing algebraic marking scheme for tracing DDoS attacks and propose an improved version of the marking scheme. Simulation results show that the proposed marking scheme can achieve a high success rate in tracing the attack sources. Compared with other marking schemes, it requires fewer packets for attack path reconstruction. Further, it generates no false positives, creates no additional network traffic, has a relatively low packet marking and attack path reconstruction overhead, and is backward compatible.
