Topology-assisted deterministic packet marking for IP traceback

doi:10.1016/S1005-8885(09)60456-8

中国邮电高校学报(英文) ›› 2010, Vol. 17 ›› Issue (2): 116-121.doi: 10.1016/S1005-8885(09)60456-8

• Artificial Intelligence • 上一篇下一篇

Topology-assisted deterministic packet marking for IP traceback

王小静,王潇茵,姚淑萍

北京理工大学

收稿日期:2009-03-25 修回日期:2010-01-22 出版日期:2010-04-30 发布日期:2010-06-01
通讯作者: 王小静 E-mail:sunny4119@126.com
基金资助:
国家863高技术研究发展计划（2009AA01Z433）;其他

IP追踪中基于拓扑辅助的确定性包标记

Received:2009-03-25 Revised:2010-01-22 Online:2010-04-30 Published:2010-06-01

摘要/Abstract

摘要：

针对防御（分布式）拒绝服务攻击，提出一种新的用于IP追踪的确定包标记方案。该方案具有很好的可扩展性和高准确性。每个入口路由器预先计算它IP地址的哈希值，并将之拆成若干段，路由器随机选择其中一个段标记包。在追踪阶段，受害者接收到仅仅若干个标记包后，借助于上游路由器的拓扑图，受害者就可以识别可疑的入口路由器。在大规模分布式拒绝服务攻击下，还原一个路由器时，已有确定包标记方法需要几十个包且误报率高，而该方案克服了这些缺点。给出了理论分析，伪代码和实验结果，证明TDPM在应对大规模DDoS攻击是准确有效的

关键词:

确定包标记

Abstract:

A novel deterministic packet marking for IP traceback against Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks is presented, which features good scalability and high accuracy. In this scheme, an ingress router pre-calculates a hash of its IP address and splits the hash into several fragments. When marking a packet, the router randomly selects a fragment to mark into the packet. In the traceback stage the victim identifies the marked router with the help of the map of its upstream routers. Based on the map, the victim can identify a candidate ingress router after receiving only several marked packets. The scheme overcomes defects in previous deterministic packet marking schemes, wherein too much packets are required to recover a router and high false positive rate occurs in case of large-scale DDoS. Theoretical analysis, the pseudo code and experimental results are provided. The scheme is proved to be accurate and efficient and can handle large-scale DDoS attacks.

Key words:

deterministic packet marking (DPM)

参考文献

1. Gao Z Q, Ansari N. Tracing cyber attacks from the practical perspective. IEEE Communications Magazine, 2005, 43(5): 123-131

2. Douligeris C, Mitrokotsa A. DDoS attacks and defense mechanisms: Classification and state-of-the-art. Computer Networks, 2004, 44(4): 643-666

3. Belenky A, Ansari N. IP traceback with deterministic packet marking. IEEE Communications Letters, 2003, 7(4): 162-164

4. Belenky A, Ansari N. Tracing multiple attackers with deterministic packet marking (DPM). Proceedings of the 2003 IEEE Pacific Rim Conference on Communications Computers and Signal Processing (PACRIM’03), Aug 28-30, 2003, Victoria, Canada. Piscataway, NJ, USA: IEEE, 2003: 49-52

5. Belenky A, Ansari N. Accommodating fragmentation in deterministic packet marking for IP traceback. Proceedings of Global Telecommunications Conference (GLOBECOM’03), Dec 1-5, 2003, San Francisco, CA, USA. Piscataway, NJ, USA: IEEE, 2003: 1374-1378

6. Jin G, Yang J G. Deterministic packet marking based on redundant decomposition for IP traceback. IEEE Communications Letters, 2006, 10(3): 204-206

7. Song D, Perrig A. Advanced and authenticated marking schemes for IP traceback. Proceedings of the 20th Annual Joint Conference of the IEEE Computer and Communications Societies (Infocom’01), Apr 24-26, 2001, Anchorage, AK, USA. Piscataway, NJ, USA: IEEE, 2001: 878-886

8. Yaar A, Perrig A, Song D. FIT: fast Internet traceback. Proceedings of the 24th Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM’05), Mar 13-17, 2005, Miami, FL, USA. Piscataway, NJ, USA: IEEE, 2005: 1395-1406

9. Feller W. An introduction to probability theory and its applications: Vol 1. 3rd ed. New York, NY, USA: John Wiley & Sons, 1968

Topology-assisted deterministic packet marking for IP traceback

IP追踪中基于拓扑辅助的确定性包标记

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 0

编辑推荐

Metrics

本文评价