A novel packet marking scheme for IP traceback

Recently, several schemes have been proposed for IP traffic source identification for tracing denial of service (DoS) attacks. Most of these schemes require a very large number of packets to conduct the traceback process, which results in a lengthy and complicated procedure. In this paper, we address this issue by proposing a scheme, called probabilistic pipelined packet marking (PPPM), which employs the concept of a "pipeline" for propagating marking information from one marking router to another so that it eventually reaches the destination. The key benefit of this pipeline process lies in drastically reducing the number of packets required for the traceback process. We evaluate the effectiveness of the proposed scheme for various performance metrics through a combination of analytical and simulation studies. Our studies show that the proposed scheme offers a high attack-source detection percentage and an attack-source localization distance of less than two hops under different attack scenarios.
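The abstract states the problem (probabilistic marking needs many packets because each packet carries a single mark field that later routers overwrite) and the idea (forward displaced marks through a pipeline instead of losing them) without giving the PPPM algorithm itself. The simulation below is an added example, not code from the paper: it implements classic node-sampling probabilistic packet marking as in Savage et al. and, as an assumption labelled in the code, a simplified "pipelined" variant in which a marking router parks the mark it would otherwise overwrite and loads it into a later unmarked packet. The ten-router path, the marking probability p and the packet count are constructed inputs.

```python
"""Constructed simulation: why probabilistic packet marking (PPM) needs many packets,
and how parking displaced marks in a per-router "pipeline" instead of destroying them
reduces that count.  The pipelined variant is an assumed, simplified reading of the
abstract, not the paper's PPPM algorithm, whose details are not given on this page."""
import math
import random
from collections import Counter


def ppm_expected_packets_bound(d, p):
    """Node-sampling bound (Savage et al.): the expected number of packets the victim
    needs before it holds at least one mark from each of d routers is below
    ln(d) / (p * (1 - p)**(d - 1)).  The denominator is the per-packet probability that
    the mark of the router d hops away survives overwriting by the d-1 routers after it."""
    return math.log(d) / (p * (1 - p) ** (d - 1))


def ppm_send(path, n_packets, p, rng):
    """Plain node sampling: each router on `path` (attacker side first) overwrites the
    packet's single mark field with its own id with probability p.  A mark written early
    on the path is lost whenever a later router also decides to mark.
    Returns (marks seen by the victim, number of marking events)."""
    received, events = [], 0
    for _ in range(n_packets):
        mark = None
        for router in path:
            if rng.random() < p:
                events += 1
                mark = router  # overwrite: the previous mark, if any, is lost
        received.append(mark)
    return received, events


def pipelined_send(path, n_packets, p, rng):
    """ASSUMED simplified pipeline: a router that decides to mark an already-marked
    packet parks the existing mark in a local buffer and writes its own; when a later
    packet with an empty mark field passes through, the router loads one buffered mark
    into it.  No marking event is ever lost, only delayed.
    Returns (marks seen by the victim, number of marking events, per-router buffers)."""
    buffers = {router: [] for router in path}
    received, events = [], 0
    for _ in range(n_packets):
        mark = None
        for router in path:
            if rng.random() < p:
                events += 1
                if mark is not None:
                    buffers[router].append(mark)  # park instead of destroy
                mark = router
            elif mark is None and buffers[router]:
                mark = buffers[router].pop(0)  # drain the pipeline into a free slot
        received.append(mark)
    return received, events, buffers


def packets_until_full_path(received, path):
    """1-based index of the packet after which the victim has heard from every router,
    or None if some router never delivered a mark."""
    missing = set(path)
    for i, mark in enumerate(received, 1):
        missing.discard(mark)
        if not missing:
            return i
    return None


def compare(path, n_packets, p, seed=7):
    """Run both schemes on the same path and summarise what the victim observes."""
    plain, plain_events = ppm_send(path, n_packets, p, random.Random(seed))
    pipe, pipe_events, buffers = pipelined_send(path, n_packets, p, random.Random(seed))
    return {
        "plain_counts": Counter(m for m in plain if m is not None),
        "plain_events": plain_events,
        "plain_first_full": packets_until_full_path(plain, path),
        "pipe_counts": Counter(m for m in pipe if m is not None),
        "pipe_events": pipe_events,
        "pipe_buffered": sum(len(b) for b in buffers.values()),
        "pipe_first_full": packets_until_full_path(pipe, path),
    }


if __name__ == "__main__":
    # Constructed path: R1 sits next to the attacker, R10 next to the victim.
    path = ["R%d" % i for i in range(1, 11)]
    p = 0.05
    print("node-sampling bound on packets needed:", round(ppm_expected_packets_bound(len(path), p)))
    for key, value in compare(path, 20000, p).items():
        print(key, value)
```

Two things to read off the output. First, in plain node sampling the count of marks from R1 (farthest from the victim) is roughly p(1-p)^9 of the packets, while the pipelined variant delivers essentially every R1 marking event, so the victim fills in the far end of the path sooner; `pipe_events` always equals delivered marks plus whatever is still parked in buffers, which is the conservation property that makes the saving possible. Second, a caveat the abstract does not address: node sampling lets the victim order routers by mark frequency, and a lossless pipeline flattens those frequencies, so any real scheme of this kind has to carry distance information some other way; this toy does not model that, nor does it model an attacker injecting forged marks.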
