Enhanced probabilistic packet marking for IP traceback

A novel mechanism based on probabilistic packet marking (PPM) for IP traceback is presented. Our proposal enhances the performance of PPM in the following respects. First, PPM can effectively trace only denial-of-service (DoS) attacks and small-scale distributed DoS (DDoS) attacks, whereas our proposal may also be used to tackle large-scale DDoS attacks. Second, our scheme eliminates a serious vulnerability of PPM, namely spoofed markings deliberately inscribed by the attacker. Third, by optimizing the marking probability and refining the marking mechanism, our scheme can significantly reduce the number of packets required for path reconstruction. In comparison with PPM, our scheme may reduce the number of marked packets required for a single path reconstruction by as much as 41.31%.
