PTrace: Pushback/SVM Based ICMP Traceback Mechanism against DDoS Attack

DDoS attack prevent users from accessing services on the target network by spoofing its origin source address with a large volume of traffic. The objective of IP Traceback is to determine the real attack sources, as well as the full path taken by the attack packets. In this paper, we propose a ”advanced ICMP Traceback” mechanism, which is based on the modified Pushback/SVM system(pTrace). Proposed mechanism can detect and control DDoS traffic on router and can generate ICMP Traceback message for reconstructing origin attack source.

[1]  Nirwan Ansari,et al.  On IP traceback , 2003, IEEE Commun. Mag..

[2]  Robert Stone,et al.  CenterTrack: An IP Overlay Network for Tracking DoS Floods , 2000, USENIX Security Symposium.

[3]  Craig Partridge,et al.  Hash-based IP traceback , 2001, SIGCOMM.

[4]  Shigeyuki Matsuda,et al.  Tracing Network Attacks to Their Sources , 2002, IEEE Internet Comput..

[5]  Steven M. Bellovin,et al.  ICMP Traceback Messages , 2003 .

[6]  Dawn Xiaodong Song,et al.  Advanced and authenticated marking schemes for IP traceback , 2001, Proceedings IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No.01CH37213).

[7]  Paul Ferguson,et al.  Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing , 1998, RFC.

[8]  Anna R. Karlin,et al.  Practical network support for IP traceback , 2000, SIGCOMM.

[9]  Heejo Lee,et al.  On the effectiveness of probabilistic packet marking for IP traceback under denial of service attack , 2001, Proceedings IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No.01CH37213).

[10]  Lee Garber,et al.  Denial-of-Service Attacks Rip the Internet , 2000, Computer.