A Probabilistic Marking Scheme for Fast Traceback

For existing probabilistic marking technologies for IP traceback, such as Probabilistic Packet Marking (PPM), TTL-based Packet Marking (TPM) and Dynamic Probabilistic Packet Marking (DPPM), it is difficult to reconstruct attack path(s) fast and defend against spoofed marks. In this paper, we present Adaptive Probabilistic Marking scheme (APM), where the TTL value of each packet is set to a uniform number at the first-hop router, and each router deduces the distance that each packet has already traveled, and then adaptively marks the packet with the probability inversely proportional to the distance. We theoretically prove that, in APM, the victim requires the fewest packets for a successful traceback, the effect of spoofed marks can be eliminated. NS2 experiments show, in APM, the time for the victim to collect all the obligatory marks for the path reconstruction is reduced by more than 20% compared with existing schemes, and spoofed marks cannot reach the victim.

[1]  Yeh-Ching Chung,et al.  Dynamic probabilistic packet marking for efficient IP traceback , 2007, Comput. Networks.

[2]  Micah Adler,et al.  Trade-offs in probabilistic packet marking for IP traceback , 2005, JACM.

[3]  Craig Partridge,et al.  Hash-based IP traceback , 2001, SIGCOMM.

[4]  Kamil Saraç,et al.  A More Practical Approach for Single-Packet IP Traceback using Packet Logging and Marking , 2008, IEEE Transactions on Parallel and Distributed Systems.

[5]  Dawn Xiaodong Song,et al.  FIT: fast Internet traceback , 2005, Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies..

[6]  Peter Neal,et al.  The Generalised Coupon Collector Problem , 2008, Journal of Applied Probability.

[7]  Heejo Lee,et al.  On the effectiveness of probabilistic packet marking for IP traceback under denial of service attack , 2001, Proceedings IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No.01CH37213).

[8]  Anna R. Karlin,et al.  Network support for IP traceback , 2001, TNET.

[9]  Bill Cheswick,et al.  Tracing Anonymous Packets to Their Approximate Source , 2000, LISA.

[10]  M.T. Goodrich,et al.  Probabilistic Packet Marking for Large-Scale IP Traceback , 2008, IEEE/ACM Transactions on Networking.

[11]  Minyi Guo,et al.  Flexible Deterministic Packet Marking: An IP Traceback System to Find the Real Source of Attacks , 2009, IEEE Transactions on Parallel and Distributed Systems.

[12]  Vamsi Paruchuri,et al.  TTL Based Packet Marking for IP Traceback , 2008, IEEE GLOBECOM 2008 - 2008 IEEE Global Telecommunications Conference.

[13]  Jun Li,et al.  Large-Scale IP Traceback in High-Speed Internet: Practical Techniques and Information-Theoretic Foundation , 2008, IEEE/ACM Transactions on Networking.

[14]  G. Manimaran,et al.  Novel hybrid schemes employing packet marking and logging for IP traceback , 2006, IEEE Transactions on Parallel and Distributed Systems.

[15]  Steven M. Bellovin,et al.  ICMP Traceback Messages , 2003 .

[16]  Kamil Saraç,et al.  Single packet IP traceback in AS-level partial deployment scenario , 2005, GLOBECOM '05. IEEE Global Telecommunications Conference, 2005..