An enhanced Deterministic Flow Marking technique to efficiently support detection of network spoofing attacks

In order to detect and prevent DoS/DDoS attacks that exploit IP address spoofing, the IP traceback technique has been introduced and developed with variety of methods including packet marking. By means of inserting marking information on the travel path into rarely used fields in the header of IP packets, the destination host can trace back the original-source location of received packets, which is useful for supporting detection of attacks. Many schemes of packet marking IP traceback have been proposed, but still have nevertheless some drawbacks such as low traceback rate, heavy computational overhead due to high-required number of marked packets and marking size. In this paper, we proposed PLA DFM, a novel efficient enhanced solution of Deterministic Flow Marking based on adaptation with real traffic characteristics. The analytic result shows that the proposed solution provides a far higher successful mark rate, lower computational overhead compared to the original scheme and other marking techniques with unnoticeable increased traffic size.

[1]  Anna R. Karlin,et al.  Network support for IP traceback , 2001, TNET.

[2]  David L. Black,et al.  The Addition of Explicit Congestion Notification (ECN) to IP , 2001, RFC.

[3]  S. Sitharama Iyengar,et al.  Authenticated autonomous system traceback , 2004, 18th International Conference on Advanced Information Networking and Applications, 2004. AINA 2004..

[4]  Mário Marques da Silva,et al.  Multimedia Communications and Networking , 2012 .

[5]  Yeh-Ching Chung,et al.  Dynamic probabilistic packet marking for efficient IP traceback , 2007, Comput. Networks.

[6]  V. K. Soundar Rajam,et al.  A novel traceback algorithm for DDoS attack with marking scheme for online system , 2012, 2012 International Conference on Recent Trends in Information Technology.

[7]  Nirwan Ansari,et al.  Tracing multiple attackers with deterministic packet marking (DPM) , 2003, 2003 IEEE Pacific Rim Conference on Communications Computers and Signal Processing (PACRIM 2003) (Cat. No.03CH37490).

[8]  A. Nur Zincir-Heywood,et al.  On Evaluating IP Traceback Schemes: A Practical Perspective , 2013, 2013 IEEE Security and Privacy Workshops.

[9]  Minyi Guo,et al.  Flexible Deterministic Packet Marking: An IP Traceback System to Find the Real Source of Attacks , 2009, IEEE Transactions on Parallel and Distributed Systems.

[10]  M. J. Reed,et al.  Efficient AS DoS traceback , 2013, 2013 International Conference on Computer Applications Technology (ICCAT).

[11]  Nirwan Ansari,et al.  IP traceback with deterministic packet marking , 2003, IEEE Communications Letters.

[12]  Martin P. Clark Data Networks, IP and the Internet , 1977 .

[13]  David L. Black,et al.  Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers , 1998, RFC.