Record route IP traceback: Combating DoS attacks and the variants

The Internet introduces a variety of vulnerabilities that put the security and privacy of computer-based systems at risk. One of the most perilous threats on the Internet is the Denial of Service (DoS) attack and its variants, such as Distributed DoS (DDoS). In this work we propose a novel probabilistic packet marking scheme to infer forward paths from attacker sites to a victim site and enable the victim to delegate the defense to the upstream Internet Service Providers (ISPs). We exploit the record route feature of the IP protocol to implement our probabilistic packet marking scheme. Compared to other techniques, our approach requires fewer packets to construct the paths from attacker sites toward a victim site. Our results show that a victim site can construct the forward path from an attacker site after receiving 20.23 packets on average under DoS attacks. Moreover, we construct the forward-paths graph from 5000 attacker sites toward the victim site by receiving 11.58 packets per attacker site, on average.
