Methods for Improving Performance on Packet Marking by Reducing Marking Duplicates

Probabilistic Packet Marking (PPM) is one of the methods on IP traceback. In this method, intermediate router embeds (i.e., marks) the address of itself into the header of the sampled packet. However, because the PPM does not have a mechanism to avoid overrides of marking information, there is a problem that it requires a lot of packets to reconstruct attack route. We previously proposed two marking schemes based on the history of marking. They can reconstruct the attack route with fewer packets than the original PPM, however, they still require some parameter tunings for obtaining the optimal performance. In this paper we analyze factors which cause override of marking information, and propose a new packet marking scheme to minimize the effect of packet overrides. Through simulation results, we show that our proposed method can reduce the required number of packets significantly to reconstruct the attack route without tuning of parameters compared with the original and history-based PPMs.

[1]  Craig Partridge,et al.  Single-packet IP traceback , 2002, TNET.

[2]  Nirwan Ansari,et al.  Tracing multiple attackers with deterministic packet marking (DPM) , 2003, 2003 IEEE Pacific Rim Conference on Communications Computers and Signal Processing (PACRIM 2003) (Cat. No.03CH37490).

[3]  Dawn Xiaodong Song,et al.  Advanced and authenticated marking schemes for IP traceback , 2001, Proceedings IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No.01CH37213).

[4]  Anna R. Karlin,et al.  Network support for IP traceback , 2001, TNET.

[5]  C. Fujiwara,et al.  Performance Improvement on Probabilistic Packet Marking by using History Caching , 2005, 6th Asia-Pacific Symposium on Information and Telecommunication Technologies.

[6]  Nirwan Ansari,et al.  IP traceback with deterministic packet marking , 2003, IEEE Communications Letters.

[7]  Tsern-Huei Lee,et al.  Scalable packet digesting schemes for IP traceback , 2004, 2004 IEEE International Conference on Communications (IEEE Cat. No.04CH37577).