Simulating and Improving Probabilistic Packet Marking Schemes Using Ns2

Simulation environments and approaches for evaluating the real-time performance of IP traceback under different network scenarios and attack patterns are very important. A comparison among some of the most promising PPM (Probabilistic Packet Marking) schemes is presented using several metrics, including the number of received packets required to reconstruct the attack path, computational complexity, and false positives. We construct a simulation environment by extending ns2 and setting the attack topology and traffic; it can be used to evaluate and compare the effectiveness of different PPM schemes. The simulation approach can also be used to test how different PPM schemes perform in large-scale DDoS attacks. Based on the simulation and evaluation results, several aspects of PPM that can be improved are proposed, which can efficiently improve the real-time performance of IP traceback.
