A table-driven approach for IP traceback based on network statistic analysis

IP-spoofed DDoS attacks are a serious security problem on the Internet, so an IP traceback approach is essential. In this paper, a fast IP traceback approach (FTA) based on network statistic analysis is proposed. By maintaining a Branch Label Table (BLT) that holds network statistics in edge routers, the time taken by the IP traceback procedure is efficiently reduced. In addition, an adaptive packet filter is proposed to mitigate DDoS attacks; its packet drop rate adapts to the location of the DDoS attackers and to the queue length. Finally, an ns-2 simulation is conducted to evaluate FTA. The simulation results show that FTA substantially accelerates the IP traceback procedure and that the proposed adaptive packet filter efficiently mitigates DDoS attacks.
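
As an added illustration of the two ideas the abstract names (a per-branch statistics table kept at an edge router, and a packet filter whose drop rate follows both queue occupancy and the suspect ingress branch), here is a toy Python model. It is not the paper's code and not the FTA algorithm: the table layout, the baseline rates, the anomaly threshold and the drop-rate formula are all assumptions, and the traffic window is constructed for the demonstration.

```python
"""Toy edge-router model: a per-branch statistics table, a traceback step
that flags abnormal ingress branches, and an adaptive drop probability.
Constructed illustration only: table layout, baselines, threshold and the
drop formula are assumptions, not the FTA design from the paper."""
import random
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class BranchStats:
    packets: int = 0              # packets seen on this branch in the window
    byte_count: int = 0           # bytes seen on this branch in the window
    baseline_pps: float = 100.0   # assumed normal packet rate (packets/s)


class BranchLabelTable:
    """Maps an ingress branch label to running statistics (assumed layout)."""

    def __init__(self, window_s=1.0):
        self.window_s = window_s
        self.table = defaultdict(BranchStats)

    def record(self, branch, size):
        s = self.table[branch]
        s.packets += 1
        s.byte_count += size

    def anomaly_ratio(self, branch):
        """Observed packet rate divided by the branch's assumed baseline."""
        s = self.table[branch]
        return (s.packets / self.window_s) / s.baseline_pps

    def suspect_branches(self, threshold=3.0):
        """Traceback step: branches whose rate is >= threshold x baseline."""
        return sorted(b for b in self.table if self.anomaly_ratio(b) >= threshold)


def drop_probability(queue_len, queue_cap, anomaly_ratio, max_drop=0.9):
    """Assumed adaptive drop rate: scales with queue occupancy and with how
    far the ingress branch exceeds its baseline; zero for normal branches."""
    occupancy = min(queue_len / queue_cap, 1.0)
    excess = max(anomaly_ratio - 1.0, 0.0)
    return min(occupancy * (1.0 - 1.0 / (1.0 + excess)), max_drop)


def build_sample_table():
    """Constructed traffic window: branch A floods, branch B is normal."""
    blt = BranchLabelTable(window_s=1.0)
    for _ in range(500):
        blt.record("A", 64)     # constructed flood: 5x the baseline rate
    for _ in range(80):
        blt.record("B", 512)    # constructed normal traffic
    return blt


def filter_window(blt, queue_len=900, queue_cap=1000, seed=1):
    """Apply the adaptive filter to the recorded window and return the number
    of dropped packets per branch. Queue length is held fixed for the window."""
    rng = random.Random(seed)
    dropped = {}
    for branch, stats in blt.table.items():
        p = drop_probability(queue_len, queue_cap, blt.anomaly_ratio(branch))
        dropped[branch] = sum(1 for _ in range(stats.packets) if rng.random() < p)
    return dropped


if __name__ == "__main__":
    blt = build_sample_table()
    print("suspect branches:", blt.suspect_branches())
    print("dropped per branch:", filter_window(blt))
```

In this model the flooding branch is the only one flagged, and only its packets are dropped: a branch at or below its baseline gets a drop probability of zero no matter how full the queue is, which is the property a defender wants from a filter that keys on attacker location rather than on queue pressure alone. A real router would sample the queue length live and learn per-branch baselines rather than hard-coding them.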