Deterministic flow marking for IPv6 traceback (DFM6)

Although some security threats were taken into consideration in the IPv6 design, DDoS attacks still exist in the IPv6 networks. The main difficulty to counter the DDoS attacks is to trace the source of such attacks, as the attackers often use spoofed source IP addresses to hide their identity. This makes the IP traceback schemes very relevant to the security of the IPv6 networks. Given that most of the current IP traceback approaches are based on the IPv4, they are not suitable to be applied directly on the IPv6 networks. In this research, a modified version of the Deterministic Flow Marking (DFM) approach for the IPv6 networks, called DFM6, is presented. DFM6 embeds a fingerprint in only one packet of each flow to identify the origin of the IPv6 traffic traversing through the network. DFM6 requires only a small amount of marked packets to complete the process of traceback with high traceback rate and no false positives.

[1]  Steven Blake Use of the IPv6 Flow Label as a Transport-Layer Nonce to Defend Against Off-Path Spoofing Attacks , 2009 .

[2]  Stephen E. Deering,et al.  Internet Protocol, Version 6 (IPv6) Specification , 1995, RFC.

[3]  Syed Obaid Amin,et al.  A novel IPv6 traceback architecture using COPS protocol , 2008, Ann. des Télécommunications.

[4]  Cui Zhang,et al.  Modified Deterministic Packet Marking for DDoS Attack Traceback in IPv6 Network , 2011, 2011 IEEE 11th International Conference on Computer and Information Technology.

[5]  A. Nur Zincir-Heywood,et al.  IP traceback through (authenticated) deterministic flow marking: an empirical evaluation , 2013, EURASIP Journal on Information Security.

[6]  A. Nur Zincir-Heywood,et al.  Deterministic and Authenticated Flow Marking for IP Traceback , 2013, 2013 IEEE 27th International Conference on Advanced Information Networking and Applications (AINA).

[7]  Nirwan Ansari,et al.  On deterministic packet marking , 2007, Comput. Networks.

[8]  A. Nur Zincir-Heywood,et al.  On Evaluating IP Traceback Schemes: A Practical Perspective , 2013, 2013 IEEE Security and Privacy Workshops.

[9]  Choong Seon Hong,et al.  On IPv6 traceback , 2006, 2006 8th International Conference Advanced Communication Technology.

[10]  Ashwani Parashar,et al.  Improved deterministic packet marking algorithm for IPv6 traceback , 2014, 2014 International Conference on Electronics and Communication Systems (ICECS).

[11]  Animesh Tripathy,et al.  A secure packet marking scheme for IP traceback in IPv6 , 2012, ICACCI '12.