A More Practical Approach for Single-Packet IP Traceback using Packet Logging and Marking

Tracing IP packets to their origins is an important step in defending Internet against denial-of-service attacks. Two kinds of IP traceback techniques have been proposed as packet marking and packet logging. In packet marking, routers probabilistically write their identification information into forwarded packets. This approach incurs little overhead but requires large flow of packets to collect the complete path information. In packet logging, routers record digests of the forwarded packets. This approach makes it possible to trace a single packet and is considered more powerful. At routers forwarding large volume of traffic, the high storage overhead and access time requirement for recording packet digests introduce practicality problems. In this paper, we present a novel scheme to improve the practicality of log-based IP traceback by reducing its overhead on routers. Our approach makes an intelligent use of packet marking to improve scalability of log-based IP traceback. We use mathematical analysis and simulations to evaluate our approach. Our evaluation results show that, compared to the state-of-the-art log-based approach called hash-based IP traceback, our approach maintains the ability to trace single IP packet while reducing the storage overhead by half and the access time overhead by a factor of the number of neighboring routers.

[1]  Jerry R. Hobbs,et al.  An algebraic approach to IP traceback , 2002, TSEC.

[2]  Philip N. Klein,et al.  Using router stamping to identify the source of IP packets , 2000, CCS.

[3]  Stefan Savage,et al.  Inferring Internet denial-of-service activity , 2001, TOCS.

[4]  Anna R. Karlin,et al.  Network support for IP traceback , 2001, TNET.

[5]  Ion Stoica,et al.  Providing guaranteed services without per flow management , 1999, SIGCOMM '99.

[6]  Jon Postel,et al.  Internet Protocol , 1981, RFC.

[7]  Vijay Kumar,et al.  Coloring the Internet: IP traceback , 2006, 12th International Conference on Parallel and Distributed Systems - (ICPADS'06).

[8]  K. Claffy,et al.  Trends in wide area IP traffic patterns - A view from Ames Internet Exchange , 2000 .

[9]  Bill Cheswick,et al.  Tracing Anonymous Packets to Their Approximate Source , 2000, LISA.

[10]  M.T. Goodrich,et al.  Probabilistic Packet Marking for Large-Scale IP Traceback , 2008, IEEE/ACM Transactions on Networking.

[11]  Kamil Saraç,et al.  Single packet IP traceback in AS-level partial deployment scenario , 2007, Int. J. Secur. Networks.

[12]  Burton H. Bloom,et al.  Space/time trade-offs in hash coding with allowable errors , 1970, CACM.

[13]  John S. Heidemann,et al.  A framework for classifying denial of service attacks , 2003, SIGCOMM '03.

[14]  G. Manimaran,et al.  Novel hybrid schemes employing packet marking and logging for IP traceback , 2006, IEEE Transactions on Parallel and Distributed Systems.

[15]  Dawn Xiaodong Song,et al.  Advanced and authenticated marking schemes for IP traceback , 2001, Proceedings IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No.01CH37213).

[16]  Kamil Saraç,et al.  IP traceback based on packet marking and logging , 2005, IEEE International Conference on Communications, 2005. ICC 2005. 2005.

[17]  Tsern-Huei Lee,et al.  Scalable packet digesting schemes for IP traceback , 2004, 2004 IEEE International Conference on Communications (IEEE Cat. No.04CH37577).

[18]  Kathleen Moriarty Incident Handling: Real-time Inter-network Defense , 2006 .

[19]  Michael T. Goodrich,et al.  Efficient packet marking for large-scale IP traceback , 2002, CCS '02.

[20]  Andrei Broder,et al.  Network Applications of Bloom Filters: A Survey , 2004, Internet Math..

[21]  Dawn Xiaodong Song,et al.  FIT: fast Internet traceback , 2005, Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies..

[22]  H. Lipson Tracking and Tracing Cyber-Attacks: Technical Challenges and Global Policy Issues , 2002 .

[23]  Jun Li,et al.  Large-scale IP traceback in high-speed Internet: practical techniques and theoretical foundation , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[24]  Kamil Saraç,et al.  Toward a More Practical Marking Scheme for IP Traceback , 2006, 2006 3rd International Conference on Broadband Communications, Networks and Systems.

[25]  Craig Partridge,et al.  Single-packet IP traceback , 2002, TNET.

[26]  Alex C. Snoeren,et al.  Hash-based IP traceback , 2001, SIGCOMM '01.