IP追踪中基于拓扑辅助的确定性包标记

doi:10.1016/S1005-8885(09)60456-8

Acta Metallurgica Sinica(English letters) ›› 2010, Vol. 17 ›› Issue (2): 116-121.doi: 10.1016/S1005-8885(09)60456-8

• Wireless • Previous Articles Next Articles

IP追踪中基于拓扑辅助的确定性包标记

Received:2009-03-25 Revised:2010-01-22 Online:2010-04-30 Published:2010-06-01

Abstract

Abstract:

A novel deterministic packet marking for IP traceback against Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks is presented, which features good scalability and high accuracy. In this scheme, an ingress router pre-calculates a hash of its IP address and splits the hash into several fragments. When marking a packet, the router randomly selects a fragment to mark into the packet. In the traceback stage the victim identifies the marked router with the help of the map of its upstream routers. Based on the map, the victim can identify a candidate ingress router after receiving only several marked packets. The scheme overcomes defects in previous deterministic packet marking schemes, wherein too much packets are required to recover a router and high false positive rate occurs in case of large-scale DDoS. Theoretical analysis, the pseudo code and experimental results are provided. The scheme is proved to be accurate and efficient and can handle large-scale DDoS attacks.

Key words:

deterministic packet marking (DPM)

References

1. Gao Z Q, Ansari N. Tracing cyber attacks from the practical perspective. IEEE Communications Magazine, 2005, 43(5): 123-131

2. Douligeris C, Mitrokotsa A. DDoS attacks and defense mechanisms: Classification and state-of-the-art. Computer Networks, 2004, 44(4): 643-666

3. Belenky A, Ansari N. IP traceback with deterministic packet marking. IEEE Communications Letters, 2003, 7(4): 162-164

4. Belenky A, Ansari N. Tracing multiple attackers with deterministic packet marking (DPM). Proceedings of the 2003 IEEE Pacific Rim Conference on Communications Computers and Signal Processing (PACRIM’03), Aug 28-30, 2003, Victoria, Canada. Piscataway, NJ, USA: IEEE, 2003: 49-52

5. Belenky A, Ansari N. Accommodating fragmentation in deterministic packet marking for IP traceback. Proceedings of Global Telecommunications Conference (GLOBECOM’03), Dec 1-5, 2003, San Francisco, CA, USA. Piscataway, NJ, USA: IEEE, 2003: 1374-1378

6. Jin G, Yang J G. Deterministic packet marking based on redundant decomposition for IP traceback. IEEE Communications Letters, 2006, 10(3): 204-206

7. Song D, Perrig A. Advanced and authenticated marking schemes for IP traceback. Proceedings of the 20th Annual Joint Conference of the IEEE Computer and Communications Societies (Infocom’01), Apr 24-26, 2001, Anchorage, AK, USA. Piscataway, NJ, USA: IEEE, 2001: 878-886

8. Yaar A, Perrig A, Song D. FIT: fast Internet traceback. Proceedings of the 24th Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM’05), Mar 13-17, 2005, Miami, FL, USA. Piscataway, NJ, USA: IEEE, 2005: 1395-1406

9. Feller W. An introduction to probability theory and its applications: Vol 1. 3rd ed. New York, NY, USA: John Wiley & Sons, 1968

Metrics

Comments

Copyright © 2020 The Journal of China Universities of Posts and Telecommunications
　 Adress: P.O. Box 231,Beijing University of Posts and Telecommunications,10 Xi Tucheng Road,Beijing 100876,P.R.China　Post Code: 100081
Tel：86-010-62282493　Fax： 86-010-62283461　E-mail: jchupt@bupt.edu.cn
Support by: Beijing Magtech Co.Ltd

IP追踪中基于拓扑辅助的确定性包标记

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 0

Recommended Articles

Metrics

Comments