Toward a More Practical Marking Scheme for IP Traceback

Probabilistic packet marking (PPM) has been studied as a promising approach to realize IP traceback. In this paper, we propose a new PPM approach that improves the current state of the art in two practical directions: (1) it improves the efficiency and accuracy of IP traceback and (2) it provides incentives for ISPs to deploy IP traceback in their networks. Our PPM approach employs a new IP header encoding scheme to store the whole identification information of a router in a single packet. This eliminates the computation overhead and false positives caused by router identification fragmentation. Our approach does not disclose the IP addresses of the routers that marked the packets, thereby alleviating the ISPs' security concern about disclosing network topology. Our approach can also control the distribution of marking information, so it is suitable for deployment as a value-added service that may create revenue for ISPs. Our PPM approach therefore improves the performance and practicability of IP traceback.
