Packet Filtering Based on Source Router Marking and Hop-Count

  • Authors: Kashif Ali; Mohammad Zulkernine; Hossam Hassanein

  • Affiliations: Queen's University, Canada; Queen's University, Canada; Queen's University, Canada

  • Venue: LCN '07 Proceedings of the 32nd IEEE Conference on Local Computer Networks

  • Year: 2007

Abstract

Denial of Service (DoS) attacks pose a growing threat to the Internet. These attacks waste scarce Internet resources and disrupt services. Existing packet filtering schemes are deployable at either source, intermediate or victim networks. In this paper, we propose a hybrid of the source network-based and victim network-based packet filtering approaches, Source Router marking and Hop-Count (SRHC), to detect and filter high-rate traffic flows and IP-spoofing attacks. Packets are marked at the source network based on their arrival rate threshold. At a victim network, the spoofed packets are marked based on the IP source arrival rate using their respective TTL value. Both source and victim networks collaborate to filter high-rate and IP-spoofing attacks. The ns-2 simulator is used to generate attack scenarios. Our simulation results show that the SRHC scheme effectively filters out high-rate and IP-spoofing attack packets, with minimal collateral damage.