A Concise Network-Centric Survey of IP Traceback Schemes based on Probabilistic Packet Marking

Multiple probabilistic packet marking (PPM) schemes for IP traceback have been proposed to deal with Distributed Denial of Service (DDoS) attacks by reconstructing their attack graphs and identifying the attack sources. In this paper, ten PPM-based IP traceback schemes are compared and analyzed in terms of features such as convergence time, performance evaluation, underlying topologies, incremental deployment, re-marking, and upstream graph. Our analysis shows that the considered schemes exhibit a significant discrepancy in performance as well as performance assessment. We concisely demonstrate this by providing a table showing that (a) different metrics are used for many schemes to measure their performance and, (b) most schemes are evaluated on different classes of underlying network topologies. Our results reveal that both the value and arrangement of the PPM-based scheme convergence times vary depending on exactly the underlying network topology. As a result, this paper shows that a side-by-side comparison of the scheme performance a complicated and turns out to be a crucial open problem in this research area.

[1]  M. Tech,et al.  RIHT: A Novel Hybrid IP Traceback Scheme , 2014 .

[2]  Nirwan Ansari,et al.  Tracing cyber attacks from the practical perspective , 2005, IEEE Communications Magazine.

[3]  Walter Willinger,et al.  Network topologies, power laws, and hierarchy , 2002, CCRV.

[4]  M.T. Goodrich,et al.  Probabilistic Packet Marking for Large-Scale IP Traceback , 2008, IEEE/ACM Transactions on Networking.

[5]  Vern Paxson End-to-end routing behavior in the internet , 2006, Comput. Commun. Rev..

[6]  William Feller,et al.  An Introduction to Probability Theory and Its Applications , 1967 .

[7]  Miao Ma,et al.  Tabu marking scheme to speedup IP traceback , 2006, Comput. Networks.

[8]  Steven M. Bellovin,et al.  ICMP Traceback Messages , 2003 .

[9]  Dawn Xiaodong Song,et al.  Advanced and authenticated marking schemes for IP traceback , 2001, Proceedings IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No.01CH37213).

[10]  BERNARD M. WAXMAN,et al.  Routing of multipoint connections , 1988, IEEE J. Sel. Areas Commun..

[11]  Anna R. Karlin,et al.  Practical network support for IP traceback , 2000, SIGCOMM.

[12]  Feller William,et al.  An Introduction To Probability Theory And Its Applications , 1950 .

[13]  Ibrahim Matta,et al.  BRITE: an approach to universal topology generation , 2001, MASCOTS 2001, Proceedings Ninth International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunication Systems.

[14]  Matthias R. Brust,et al.  Topology-dependent performance of attack graph reconstruction in PPM-based IP traceback , 2014, 2014 IEEE 11th Consumer Communications and Networking Conference (CCNC).

[15]  Charles J. Colbourn,et al.  Unit disk graphs , 1991, Discret. Math..

[16]  Nirwan Ansari,et al.  IP traceback with deterministic packet marking , 2003, IEEE Communications Letters.

[17]  Matthias R. Brust,et al.  Secured node-to-node key agreement for wireless sensor networks , 2015, 2015 International Conference on Information Networking (ICOIN).

[18]  Man Hon Wong,et al.  A Precise Termination Condition of the Probabilistic Packet Marking Algorithm , 2008, IEEE Transactions on Dependable and Secure Computing.

[19]  Charles M. Grinstead,et al.  Introduction to probability , 1999, Statistics for the Behavioural Sciences.

[20]  Mark Crovella,et al.  Server selection using dynamic path characterization in wide-area networks , 1997, Proceedings of INFOCOM '97.

[21]  Michalis Faloutsos,et al.  On power-law relationships of the Internet topology , 1999, SIGCOMM '99.

[22]  Nirwan Ansari,et al.  On IP traceback , 2003, IEEE Commun. Mag..

[23]  Xiaoming He,et al.  An Improved Dynamic Probabilistic Packet Marking for IP Traceback , 2010 .

[24]  Wanlei Zhou,et al.  Low-Rate DDoS Attacks Detection and Traceback by Using New Information Metrics , 2011, IEEE Transactions on Information Forensics and Security.

[25]  Matthias R. Brust,et al.  Using network motifs to investigate the influence of network topology on PPM-based IP traceback schemes , 2014, Comput. Networks.

[26]  Matthias R. Brust,et al.  A prediction based approach to IP traceback , 2012, 37th Annual IEEE Conference on Local Computer Networks - Workshops.

[27]  Kenneth L. Calvert,et al.  Modeling Internet topology , 1997, IEEE Commun. Mag..

[28]  Wen-Shyong Hsieh,et al.  Probabilistic packet marking with non-preemptive compensation , 2004, IEEE Communications Letters.

[29]  Jun Li,et al.  Large-scale IP traceback in high-speed Internet: practical techniques and theoretical foundation , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[30]  Dawn Xiaodong Song,et al.  FIT: fast Internet traceback , 2005, Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies..

[31]  L. Dworsky An Introduction to Probability , 2008 .

[32]  Robert Stone,et al.  CenterTrack: An IP Overlay Network for Tracking DoS Floods , 2000, USENIX Security Symposium.

[33]  Vamsi Paruchuri,et al.  TTL Based Packet Marking for IP Traceback , 2008, IEEE GLOBECOM 2008 - 2008 IEEE Global Telecommunications Conference.