Summary

Distributed denial-of-service (DDoS) is a rapidly growing problem, and the multitude and variety of both the attacks and the defense approaches is overwhelming. IP traceback, the ability to trace IP packets from source to destination, is a significant step toward identifying and thus stopping attackers, and is an important mechanism in defending against DDoS attacks. This paper constructs a simulation environment by extending ns2 with an attack topology and attack traffic, which can be used to evaluate and compare the effectiveness of different traceback schemes. A comparison of several packet marking schemes is presented using metrics including the number of received packets required to reconstruct the attack path, computational complexity and the false-positive rate. The simulation approach can also be used to test the performance of different marking schemes under large-scale DDoS attacks. Based on the simulation and evaluation results, more efficient and effective algorithms, techniques and procedures to combat these attacks may be developed.
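As an added illustration (not code from the paper or its ns2 environment), the following Python simulation runs the simplest probabilistic packet marking variant, node sampling, over a constructed five-router attack path and computes the metrics the abstract names: packets needed before every router on the path has marked, the victim-side path reconstruction, and the false positives caused by an attacker pre-loading the mark field. Router names, the marking probability p and the spoofed mark value are assumptions.

```python
import random
from collections import Counter

# Constructed topology: routers listed from the attacker towards the victim.
# Names are assumptions; nothing here comes from the paper's ns2 setup.
ATTACK_PATH = ["R1", "R2", "R3", "R4", "R5"]
SPOOFED_MARK = "X"  # value the attacker pre-loads into the mark field

def mark_probability(distance, p):
    """Node sampling: a router `distance` hops from the victim survives in the
    mark field only if it marks and no closer router overwrites it."""
    return p * (1 - p) ** (distance - 1)

def forward(path, p, rng, initial_mark):
    """Carry one packet along the path; each router overwrites the mark field
    with probability p. Returns the mark the victim finally sees."""
    mark = initial_mark
    for router in path:
        if rng.random() < p:
            mark = router
    return mark

def reconstruct(marks):
    """Victim-side reconstruction: order candidates by mark frequency,
    nearest hop first (closer routers overwrite more often)."""
    counts = Counter(marks)
    return [r for r, _ in counts.most_common()], counts

def simulate(n_packets, p=0.5, seed=1):
    """Run n_packets attack packets and report the evaluation metrics."""
    rng = random.Random(seed)  # fixed seed keeps the run reproducible
    marks, first_seen = [], {}
    for i in range(1, n_packets + 1):
        m = forward(ATTACK_PATH, p, rng, SPOOFED_MARK)
        marks.append(m)
        first_seen.setdefault(m, i)
    hops, counts = reconstruct(marks)
    real = set(ATTACK_PATH)
    return {
        "hops": hops,
        "counts": counts,
        # packets received before every real router had marked at least once
        "packets_needed": max(first_seen[r] for r in real) if real.issubset(first_seen) else None,
        # candidates that are not on the real path: the spoofed mark survives
        # with probability (1-p)^len(path), comparable to the farthest router
        "false_positives": [h for h in hops if h not in real],
    }

if __name__ == "__main__":
    result = simulate(5000)
    print("reconstructed hops (nearest first):", result["hops"])
    print("packets needed:", result["packets_needed"])
    print("false positives:", result["false_positives"])
```

Because the spoofed mark and the attacker-side router R1 have the same survival probability here (1/32 with p = 0.5), their relative order in the reconstruction is not reliable, which is exactly the false-positive weakness a marking-scheme evaluation has to measure.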