TOWARDS AN ADAPTIVE PACKET MARKING SCHEME FOR IP TRACEBACK

Ping Yan, Moon Chuen Lee

Abstract

Denial of Service attacks have become one of the most serious threats to the Internet community. An effective means of defending against such attacks is to locate the attack source(s) and isolate them from the rest of the network. This paper proposes an adaptive packet marking scheme for IP traceback, which supports two types of marking, namely source router id marking and domain id marking. For each packet traversing the network, we let the border routers perform probabilistic router id marking if the packet enters the network for the first time, or probabilistic domain id marking if the packet is forwarded from another domain. After collecting sufficient packets, the victim reconstructs the attack graph, by which we keep track of the intermediate domains traversed by attack packets instead of individual routers within a domain; the source routers serving as ingress points of attack traffic are identified at the same time. Simulation results show that the proposed marking scheme outperforms other IP traceback methods: it requires fewer packets for attack path reconstruction, it can handle a large number of attack sources effectively, and the number of false positives produced is significantly low. Further, it does not generate additional traffic.



Paper Citation


in Harvard Style

Yan P. and Chuen Lee M. (2004). TOWARDS AN ADAPTIVE PACKET MARKING SCHEME FOR IP TRACEBACK. In Proceedings of the First International Conference on E-Business and Telecommunication Networks - Volume 2: ICETE, ISBN 972-8865-15-5, pages 119-126. DOI: 10.5220/0001394701190126


in Bibtex Style

@conference{icete04,
author={Ping Yan and Moon Chuen Lee},
title={TOWARDS AN ADAPTIVE PACKET MARKING SCHEME FOR IP TRACEBACK},
booktitle={Proceedings of the First International Conference on E-Business and Telecommunication Networks - Volume 2: ICETE},
year={2004},
pages={119-126},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001394701190126},
isbn={972-8865-15-5},
}


in EndNote Style

TY - CONF
JO - Proceedings of the First International Conference on E-Business and Telecommunication Networks - Volume 2: ICETE
TI - TOWARDS AN ADAPTIVE PACKET MARKING SCHEME FOR IP TRACEBACK
SN - 972-8865-15-5
AU - Yan P.
AU - Chuen Lee M.
PY - 2004
SP - 119
EP - 126
DO - 10.5220/0001394701190126