Tagged fragment marking scheme with distance-weighted sampling for a fast IP traceback

  • Authors:

  • Ki Chang Kim;Jin Soo Hwang;Byung Yong Kim;Soo-Duk Kim

  • Affiliations:

  • School of Information and Communication Engineering, Inha Univ., Korea;Department of Statistics, Inha Univ., Korea;School of Information and Communication Engineering, Inha Univ., Korea;School of Information and Communication Engineering, Inha Univ., Korea

  • Venue:
  • APWeb'03 Proceedings of the 5th Asia-Pacific web conference on Web technologies and applications
  • Year:
  • 2003

Quantified Score

Hi-index 0.00

Visualization

Abstract

IP traceback technique allows a victim to trace the routing path that an attacker has followed to reach his system. It has an effect of deterring future attackers as well as capturing the current one. FMS (Fragment Marking Scheme) is an efficient implementation of IP traceback. Every router participating in FMS leaves its IP information on the passing-through packets, partially and with some probability. The victim, then, can collect the packets and analyze them to reconstruct the attacking path. FMS and similar schemes, however, suffer a long convergence time to build the path when the attack path is lengthy. Also they suffer a combinatorial explosion problem when there are multiple attack paths. This paper suggests techniques to restrain the convergence time and the combinatorial explosion. The convergence time is reduced considerably by insuring all routers have close-to-equal chance of sending their IP fragments through a distance-weighted sampling technique. The combinatorial explosion is avoided by tagging each IP fragment with the corresponding router's hashed identifier.