Network support for IP traceback
IEEE/ACM Transactions on Networking (TON)
Tradeoffs in probabilistic packet marking for IP traceback
STOC '02 Proceedings of the thiry-fourth annual ACM symposium on Theory of computing
IEEE/ACM Transactions on Networking (TON)
Adjusted Probabilistic Packet Marking for IP Traceback
NETWORKING '02 Proceedings of the Second International IFIP-TC6 Networking Conference on Networking Technologies, Services, and Protocols; Performance of Computer and Communication Networks; and Mobile and Wireless Communications
ITCC '04 Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC'04) Volume 2 - Volume 2
Efficient Probabilistic Packet Marking
ICNP '05 Proceedings of the 13TH IEEE International Conference on Network Protocols
Novel Hybrid Schemes Employing Packet Marking and Logging for IP Traceback
IEEE Transactions on Parallel and Distributed Systems
Analyzing large DDoS attacks using multiple data sources
Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense
Touring the internet in a TCP sidecar
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Towards Stateless Single-Packet IP Traceback
LCN '07 Proceedings of the 32nd IEEE Conference on Local Computer Networks
Probabilistic packet marking for large-scale IP traceback
IEEE/ACM Transactions on Networking (TON)
Survey Bloom filter applications in network security: A state-of-the-art survey
Computer Networks: The International Journal of Computer and Telecommunications Networking
| Hi-index | 0.00 |
In this paper we propose an IP traceback mechanism based on deterministic packet marking and logging, using protected nodes set to reduce logged data amount. The proposed scheme exploits the fact that the number of nodes that may be under attack is usually limited to a small fraction of total nodes in the Internet, greatly reducing storage requirements by logging only the traffic destined to this fraction of nodes, thus meeting the hardware limitations of high speed core routers. Before logging at the traceback-enabled router every packet is checked whether it is destined to a host in the protected nodes set by using bloom filter. Protected nodes set and list of traceback-enabled routers is managed by security management infrastructure, which can be mirrored to avoid introduction of single point of failure. Maintaining the list of traceback-enabled routers allows performing neighbor discovery in the overlay network, which is required to detect faked identification field value in IP header by an attacker. By adding initialization stage and infrastructure the proposed scheme can provide constant complexity of per-packet processing and much longer bloom filter refresh period comparing to other approaches that use logging paradigm. Performance evaluation shows that the proposed IP traceback mechanism can be implemented in the real Internet with scalability and good deployment feasibility in terms of false positive ratio and memory usage.