Two-Phase Traceback of DDoS Attacks with Overlay Network

traceback. Abstract. An overlay network based traceback scheme against DDoS attacks is proposed in this paper. A CAT server is set in each ISP domain, and receives the alert packets from routers in the domain. According to the alert packets, the intra-domain attack tree is constructed. An alert will be sent to the victim once an intra-domain attack tree is formed. The inter-domain attack tree is constructed at the CAT server of the victim end according to the received alert packets from upstream domains. The traceback request is sent to each CAT server of the inter-domain attack tree once the DDoS attacks are detected. Having received the request, the CAT server will find the attack source along the intra-domain attack tree, and take measures to stop DDoS attacks. The proposed scheme implements two-phase traceback of DDoS attacks effectively and fast.

[1]  Minyi Guo,et al.  Flexible Deterministic Packet Marking: An IP Traceback System to Find the Real Source of Attacks , 2009, IEEE Transactions on Parallel and Distributed Systems.

[2]  Dawn Xiaodong Song,et al.  Advanced and authenticated marking schemes for IP traceback , 2001, Proceedings IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No.01CH37213).

[3]  Anna R. Karlin,et al.  Network support for IP traceback , 2001, TNET.

[4]  Nirwan Ansari,et al.  IP traceback with deterministic packet marking , 2003, IEEE Communications Letters.

[5]  Tsern-Huei Lee,et al.  A deterministic packet marking scheme for tracing multiple Internet attackers , 2005, IEEE International Conference on Communications, 2005. ICC 2005. 2005.

[6]  M.T. Goodrich,et al.  Probabilistic Packet Marking for Large-Scale IP Traceback , 2008, IEEE/ACM Transactions on Networking.