Packet track and traceback mechanism against denial of service attacks

中国邮电高校学报(英文) ›› 2008, Vol. 15 ›› Issue (3): 51-58.doi:

• Artificial Intelligence • 上一篇下一篇

Packet track and traceback mechanism against denial of service attacks

李莉沈苏彬

Institute of Information Network Technology, Nanjing University of Posts and Telecommunications, Nanjing 210003, China

收稿日期:2007-09-08 修回日期:1900-01-01 出版日期:2008-09-30
通讯作者: 李莉

Packet track and traceback mechanism against denial of service attacks

LI Li, SHEN Su-bin

Institute of Information Network Technology, Nanjing University of Posts and Telecommunications, Nanjing 210003, China

Received:2007-09-08 Revised:1900-01-01 Online:2008-09-30

摘要/Abstract

摘要：

The denial of service attack is a main type of threat on the Internet today. On the basis of path identification (Pi) and Internet control message protocol (ICMP) traceback (iTrace) methods, a packet track and traceback mechanism is proposed, which features rapid response and high accuracy. In this scheme, routers apply packet marking scheme and send traceback messages, which enables the victim to design the path tree in peace time. During attack times the victim can trace attackers back within the path tree and perform rapid packet filtering using the marking in each packet. Traceback messages overcome Pi’s limitation, wherein too much path information is lost in path identifiers; whereas path identifiers can be used to expedite the design of the path-tree, which reduces the high overhead in iTrace. Therefore, our scheme not only synthesizes the advantages but also compromises the disadvantages of the above two methods. Simulation results with NS-2 show the validity of our scheme.

关键词:

denial;of;service;(DoS);attack,;traceback,;packet;marking,;Pi

Abstract:

Key words:

denial of service (DoS) attack;traceback;packet marking;Pi

LI Li, SHEN Su-bin

. Packet track and traceback mechanism against denial of service attacks[J]. Acta Metallurgica Sinica(English letters), 2008, 15(3): 51-58.

参考文献

1. Computer Emergency Response Team. Cert advisory ca-2000-01: denial-of-service developments. [2007-02-01]. http://www.cert.org/advisories/ CA-2000-01.html

2. Belenky A, Ansari N. On IP traceback. IEEE Communications Magazine, 2003, 41(7): 142–153

3. Savage S, Wetherall D, Karlin A, et al. Practical network support for IP traceback. Computer Communication Review, 2000, 30(4): 295–306

4. Dawn X S, Perrig A. Advanced and authenticated marking schemes for IP traceback. Proceedings of the 20th Annual Joint Conference of the IEEE Computer and Communications Societies, Apr 22–26 2001, Anchorage, AK, USA. Piscataway, NJ, USA: IEEE, 2001: 878–886

5. Yaar A, Perriq A, Sonq D. Pi: a path identification mechanism to defend against DDoS attacks. Proceedings of Symposium on Security and Privacy, May 11–14, 2003, Berkeley, CA, USA. Piscataway, NJ, USA: IEEE. 2003: 93–107

6. Park K, Lee H. On the effectiveness of probabilistic packet marking for IP traceback under denial of service attack. Proceedings of the 20th Annual Joint Conference of the IEEE Computer and Communications Societies, Apr 22–26, 2001, Anchorage, AK, USA. Piscataway, NJ, USA: IEEE, 2001: 338–3347

7. Tchakountio F, Kent S T, Strayer W T. Hash-based IP traceback. Proceedings of Conference on Applications, Technologies, Architectures, and Protocol for Computer Communication (SIGCOMM’01), Aug 27–31, 2001. San Diego, CA, USA. New York, NY, USA: ACM, 2001: 3–14

8. Bellovin S, Leech M, Taylor T. Internet draft. ICMP traceback messages. [2007-02-01]. http://tools.ietf.org/html/draft-ietf-itrace-04

9. Chang R K C. Defending against flooding-based distributed denial-of-service attacks: a tutorial. IEEE Communications Magazine, 2002, 40(10): 42–51

[1]	Cheng Yi, Zhao Yan, Yin Peiwen. Radar false alarm plots elimination based on multi-feature extraction and classification[J]. 中国邮电高校学报(英文版), 2024, 31(1): 83-92.
[2]	吴岳, 陈向勇, 邱建龙, 胡顺伟, 赵峰. Dynamic event-triggered leader-follower consensus of nonlinear multi-agent systems under directed weighted topology [J]. 中国邮电高校学报(英文版), 2023, 30(6): 3-10.
[3]	赵海英郭轩 . Pointer-prototype fusion network for few-shot named entity recognition[J]. 中国邮电高校学报(英文版), 2023, 30(5): 32-41.
[4]	孟慧任利娜赵宗渠. Identity-based proxy re-encryption scheme from RLWE assumption with ciphertext evolution[J]. 中国邮电高校学报(英文版), 2023, 30(5): 51-60.
[5]	Luo Zhiyong, Wang Shuyi, Song Weiwei, Liu Jiahui, Wang Jianming. Research on security situation awareness algorithm of Markov differential game block-chain model[J]. 中国邮电高校学报(英文版), 2023, 30(4): 105-120.
[6]	Yin Sihan, Li Yalei, Liu Xiaoping, Cui Xu, Wang Huapeng. Transformer fault diagnosis based on relational teacher-student network [J]. 中国邮电高校学报(英文版), 2023, 30(3): 41-54.
[7]	Wang Zixian, Zhang Miao, Yan Danfeng . DRO-SLAM: Real-time object-aware SLAM for navigation robots and autonomous driving in dynamic environments[J]. 中国邮电高校学报(英文版), 2023, 30(3): 14-24.
[8]	Fan Xinyue, Wu Kai, Chen Shuai. RB-SLAM: visual SLAM based on rotated BEBLID feature point description [J]. 中国邮电高校学报(英文版), 2023, 30(3): 1-13.
[9]	Wang Qiang, Zhang Yijia, Zhang Tianjiao, Zhang Wenqi, Gao Yue, Tafazolli Rahim. Secure degrees of freedom for general MIMO interference channel under rank-deficiency [J]. 中国邮电高校学报(英文版), 2023, 30(3): 65-77.
[10]	韩子文张治郭宇. Gain and phase errors active calibration method based on neural network for arrays with arbitrary geometry[J]. 中国邮电高校学报(英文版), 2023, 30(2): 8-17.
[11]	Guo Xiangbo, Wang Jian, Huang Mengjie, Wang Minghui, Yang Jian, Yu Yongtao. Deep knowledge tracking algorithm based on forgetting law[J]. 中国邮电高校学报(英文版), 2023, 30(1): 17-27.
[12]	Guan Sihai, Cheng Qing, Zhao Yong, Liu Fangyao. Variable step-size adaptive filtering algorithm based on an exponent sin function[J]. 中国邮电高校学报(英文版), 2023, 30(1): 56-65.
[13]	Wu Hongxin, Lin Zhijian, Chen Pingping, Chen Feng. Joint partial computation offloading and resource allocation in MEC-enable networks[J]. 中国邮电高校学报(英文版), 2023, 30(1): 80-86.
[14]	Li Yajie, Zhang Jie. Artificial intelligence for optical transport networks: architecture, application and challenges [J]. 中国邮电高校学报(英文版), 2022, 29(6): 3-17.
[15]	Kong Chao, Ou Weihua, Gong Xiaofeng, Li Weian, Han Jie, Yao Yi, Xiong Jiahao. Face anti-spoofing based on multi-modal and multi-scale features fusion [J]. 中国邮电高校学报(英文版), 2022, 29(6): 73-82.

Packet track and traceback mechanism against denial of service attacks

Packet track and traceback mechanism against denial of service attacks

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

本文评价