Tabu marking scheme for IP traceback

IP traceback is an attractive mechanism for defending against distributed denial-of-service (DDoS) attacks. In this paper we propose a new probabilistic packet marking (PPM) scheme for IP traceback, the tabu marking scheme (TMS). In this scheme a router regards a packet already marked by an upstream router as tabu and does not mark it again. Furthermore, we derive a new analytical result on the partial coupon collection problem for convergence analysis. Numerical results show that TMS significantly reduces the convergence time under DDoS attacks, as compared with previous PPM schemes that allow overwriting. TMS also ensures the authentication of the routers' markings.
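To make the marking rule and the coupon-collection view of convergence concrete, the following simulation is an added example, not code from the paper: it compares an overwriting PPM scheme with the tabu rule on a constructed DDoS topology in which every attacker has its own chain of routers that joins a chain of routers shared near the victim. Marking probability p, attacker count, hop counts and round-robin sending are assumptions chosen for illustration.

```python
import random

def deliver_mark(path, p, tabu, rng=random):
    """Run one packet along `path` (attacker side first) and return the
    router id whose mark reaches the victim, or None if the packet is
    unmarked. Every router marks with probability p. With overwriting
    PPM a downstream router replaces an earlier mark; with TMS a packet
    that already carries a mark is tabu and is left alone."""
    mark = None
    for router in path:
        if tabu and mark is not None:
            continue  # TMS: respect the upstream mark
        if rng.random() < p:
            mark = router  # first mark, or overwrite under plain PPM
    return mark

def build_attack_paths(attackers, unique_hops, shared_hops):
    """Constructed topology: each attacker traverses its own chain of
    unique_hops routers, then shared_hops routers common to all paths."""
    shared = [f"S{i}" for i in range(shared_hops)]
    return [[f"A{a}U{j}" for j in range(unique_hops)] + shared
            for a in range(attackers)]

def convergence_time(paths, p, tabu, rng, max_packets=1_000_000):
    """Packets the victim must receive before it holds a mark from every
    router on the attack tree (the partial coupon collection problem).
    Attackers send round-robin. Returns None if the cap is reached."""
    needed = {r for path in paths for r in path}
    seen = set()
    for n in range(1, max_packets + 1):
        mark = deliver_mark(paths[n % len(paths)], p, tabu, rng)
        if mark is not None:
            seen.add(mark)
            if len(seen) == len(needed):
                return n
    return None

def compare(attackers=40, unique_hops=8, shared_hops=8, p=0.1, trials=5, seed=1):
    """Average convergence time of overwriting PPM versus TMS on the
    constructed topology; under overwriting, the routers near the
    attackers (one per attacker) become the rare coupons."""
    rng = random.Random(seed)
    paths = build_attack_paths(attackers, unique_hops, shared_hops)
    def avg(tabu):
        return sum(convergence_time(paths, p, tabu, rng) for _ in range(trials)) / trials
    return {"overwrite": avg(False), "tms": avg(True)}

if __name__ == "__main__":
    print(compare())
```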
