Improved technique of IP address fragmentation strategies for dos attack traceback

  • Authors:

  • Byung-Ryong Kim;Ki-Chang Kim

  • Affiliations:

  • School of Computer Science and Engineering, Inha Univ., Incheon, Korea;School of Information and Communication Engineering, Inha Univ., Incheon, Korea

  • Venue:
  • CSR'06 Proceedings of the First international computer science conference on Theory and Applications
  • Year:
  • 2006

Quantified Score

Hi-index 0.04

Visualization

Abstract

Defending against denial-of-service(DoS) attacks is one of the hardest security problems on the Internet today. One difficulty to thwart these attacks is totrace the source of the attacks because they often use incorrect, or spoofed IP source addresses to disguise the true origin Traceback mechanisms are a critical part of the defense against IP spoofing and DoS attacks, as well as being of forensic value to law enforcement. Currently proposed IP traceback mechanisms are inadequate to address the traceback. problem for the following reasons: they require DoS victims to gather thousands of packets to reconstruct a single attack path; they do not scale to large scale Distributed DoS attacks; and they do not support incremental deployment. This study suggests to find the attack origin through MAC address marking of the attack origin. It is based on an IP trace algorithm, called Marking Algorithm. It modifies the Marking Algorithm so that we can convey the MAC address of the intervening routers, and as a result it can trace the exact IP address of the original attacker. To improve the detection time, our algorithm also contains a technique to improve the packet arrival rate. By adjusting marking probability according to the distance from the packet origin, we were able to decrease the number of needed packets to traceback the IP address.