Probabilistic Packet Marking for Large-Scale IP Traceback

This paper presents an approach to IP traceback based on the probabilistic packet marking paradigm. Our approach, which we call randomize-and-link, uses large checksum cords to ldquolinkrdquo message fragments in a way that is highly scalable, for the checksums serve both as associative addresses and data integrity verifiers. The main advantage of these checksum cords is that they spread the addresses of possible router messages across a spectrum that is too large for the attacker to easily create messages that collide with legitimate messages.

[1]  Rajeev Motwani,et al.  Randomized Algorithms , 1995, SIGA.

[2]  Robert Stone,et al.  CenterTrack: An IP Overlay Network for Tracking DoS Floods , 2000, USENIX Security Symposium.

[3]  Jerry R. Hobbs,et al.  An algebraic approach to IP traceback , 2002, TSEC.

[4]  Steven M. Bellovin,et al.  Implementing Pushback: Router-Based Defense Against DDoS Attacks , 2002, NDSS.

[5]  Craig Partridge,et al.  Hash-based IP traceback , 2001, SIGCOMM.

[6]  Shigeyuki Matsuda,et al.  Tracing Network Attacks to Their Sources , 2002, IEEE Internet Comput..

[7]  Michael T. Goodrich,et al.  Persistent Authenticated Dictionaries and Their Applications , 2001, ISC.

[8]  Michael T. Goodrich,et al.  Efficient packet marking for large-scale IP traceback , 2002, CCS '02.

[9]  Anna R. Karlin,et al.  Practical network support for IP traceback , 2000, SIGCOMM.

[10]  Steven M. Bellovin,et al.  ICMP Traceback Messages , 2003 .

[11]  Dawn Xiaodong Song,et al.  Advanced and authenticated marking schemes for IP traceback , 2001, Proceedings IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No.01CH37213).

[12]  Bill Cheswick,et al.  Tracing Anonymous Packets to Their Approximate Source , 2000, LISA.

[13]  David K. Y. Yau,et al.  You can run, but you can't hide: an effective statistical methodology to trace back DDoS attackers , 2005, IEEE Transactions on Parallel and Distributed Systems.

[14]  Michael T. Goodrich,et al.  Implementation of an authenticated dictionary with skip lists and commutative hashing , 2001, Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01.

[15]  Anna R. Karlin,et al.  Network support for IP traceback , 2001, TNET.

[16]  Anna R. Karlin,et al.  Practical network support for IP traceback , 2000, SIGCOMM.