Intra-domain IP traceback using OSPF

Denial of service (DoS) attacks are a serious threat to the appropriate operation of services within network domains. In this paper, we propose a system that creates an overlay network to provide intra-domain IP traceback to deal with this threat. The main contribution of our proposal with respect to previous work is its ability to provide partial and progressive deployment of the traceback system throughout a monitored network domain. We build the overlay network using the OSPF routing protocol through the creation of an IP Traceback Opaque LSA (Link State Advertisement). We also investigate and evaluate the performance of partial and progressive deployment of the proposed system, showing its suitability even for large network domains.
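The following is an added example, not code from the paper or its authors, that models the mechanism the abstract describes: traceback-capable routers announce themselves with an Opaque LSA, every router learns the capable set from its link-state database, the overlay is built over the capable routers, and the effect of partial deployment on a traceback query is measured. The topology, the opaque type number (`TRACEBACK_OPAQUE_TYPE`), the overlay-construction rule (two capable routers are overlay neighbours when no other capable router lies on the OSPF shortest path between them) and the resolution metric are all assumptions for illustration; only the Opaque LSA Link State ID layout (8-bit opaque type followed by a 24-bit opaque ID, LS types 9/10/11) follows RFC 2370/5250.

```python
"""Toy model of an OSPF-announced IP traceback overlay (added example).
Assumes a constructed topology and a placeholder opaque type; the paper's
actual LSA contents and deployment strategy are not stated on the page."""
import heapq
from typing import Dict, List, Optional, Set, Tuple

# Constructed topology: router -> {neighbour: OSPF link cost}
TOPOLOGY: Dict[str, Dict[str, int]] = {
    "R1": {"R2": 1, "R3": 4},
    "R2": {"R1": 1, "R3": 1, "R4": 5},
    "R3": {"R1": 4, "R2": 1, "R4": 1},
    "R4": {"R2": 5, "R3": 1, "R5": 1},
    "R5": {"R4": 1},
}

# Placeholder opaque type for the "IP Traceback Opaque LSA" (assumed value).
TRACEBACK_OPAQUE_TYPE = 200


def opaque_link_state_id(opaque_type: int, opaque_id: int) -> int:
    """Opaque LSA Link State ID: 8-bit opaque type + 24-bit opaque ID (RFC 5250)."""
    if not 0 <= opaque_type < 256 or not 0 <= opaque_id < 2 ** 24:
        raise ValueError("opaque type or id out of range")
    return (opaque_type << 24) | opaque_id


def parse_link_state_id(lsid: int) -> Tuple[int, int]:
    """Inverse of opaque_link_state_id: returns (opaque_type, opaque_id)."""
    return (lsid >> 24) & 0xFF, lsid & 0xFFFFFF


def originate_traceback_lsa(router_id: str, opaque_id: int = 0) -> dict:
    """Area-local (LS type 10) Opaque LSA announcing that router_id runs traceback."""
    return {"ls_type": 10,
            "link_state_id": opaque_link_state_id(TRACEBACK_OPAQUE_TYPE, opaque_id),
            "advertising_router": router_id}


def capable_routers_from_lsdb(lsdb: List[dict]) -> Set[str]:
    """After flooding, each router reads its LSDB and learns which routers are capable."""
    return {lsa["advertising_router"] for lsa in lsdb
            if lsa["ls_type"] in (9, 10, 11)
            and parse_link_state_id(lsa["link_state_id"])[0] == TRACEBACK_OPAQUE_TYPE}


def shortest_paths(topo: Dict[str, Dict[str, int]], source: str) -> Dict[str, List[str]]:
    """Dijkstra from source (the OSPF SPF step); returns {router: hop list from source}."""
    dist, prev, heap = {source: 0}, {}, [(0, source)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist.get(u, float("inf")):
            continue
        for v, w in topo[u].items():
            if d + w < dist.get(v, float("inf")):
                dist[v], prev[v] = d + w, u
                heapq.heappush(heap, (d + w, v))
    paths = {}
    for target in dist:
        hop, path = target, []
        while hop != source:
            path.append(hop)
            hop = prev[hop]
        paths[target] = (path + [source])[::-1]
    return paths


def build_overlay(topo: Dict[str, Dict[str, int]], capable: Set[str]) -> Set[Tuple[str, str]]:
    """Assumed rule: capable routers are overlay neighbours when no other capable
    router sits on the shortest path between them (undirected edges, sorted tuples)."""
    edges = set()
    for r in capable:
        paths = shortest_paths(topo, r)
        for s in capable:
            if s == r or s not in paths:
                continue
            if not any(h in capable for h in paths[s][1:-1]):
                edges.add(tuple(sorted((r, s))))
    return edges


def traceback_resolution(topo, capable: Set[str], ingress: str, victim: str) -> Tuple[Optional[str], Optional[int]]:
    """Under partial deployment a query can only reach the first capable router on the
    attack path; returns that router and its hop distance from the true ingress,
    or (None, None) when no capable router lies on the path."""
    path = shortest_paths(topo, ingress).get(victim)
    if path is None:
        return None, None
    for hops, router in enumerate(path):
        if router in capable:
            return router, hops
    return None, None


if __name__ == "__main__":
    lsdb = [originate_traceback_lsa("R2"), originate_traceback_lsa("R4")]
    capable = capable_routers_from_lsdb(lsdb)
    print("overlay:", build_overlay(TOPOLOGY, capable))
    print("resolution R1->R5:", traceback_resolution(TOPOLOGY, capable, "R1", "R5"))
```

Running the block with only R2 and R4 deployed gives a single overlay edge (R2, R4) and resolves an attack entering at R1 toward R5 to R2, one hop from the true ingress; adding R1 to the LSDB drives that distance to zero, which is the progressive-deployment behaviour the abstract evaluates.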
