IP traceback is an effective measure to deter internet attacks. A number of techniques have been suggested to realize IP traceback. The Fragment Marking Scheme (FMS) is one of the most promising techniques. However, it suffers a combinatorial explosion when computing the attacker's location in the presence of multiple attack paths. The Tagged Fragment Marking Scheme (TFMS) has been suggested to suppress the combinatorial explosion by attaching a tag to each IP fragment. Tagging is effective because it allows the victim to differentiate IP fragments belonging to different routers, thereby greatly reducing the search space and finding the correct IP fragments. TFMS, however, increases the number of false positives when the number of routers on the attack path grows beyond some threshold. In this paper, we rigorously analyze the performance of TFMS to determine the correlation between the number of routers and the false positive error rate. Using a probabilistic argument, we determine the formulas for combination counts and error probabilities in terms of the number of routers. Under TFMS, our results show that we can reduce the required time to find an attacker's location at the cost of a low error rate for a moderate number of routers.
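The search-space reduction described above can be seen in a small victim-side model, added here as an illustration and not taken from the paper. It assumes each router word is a 32-bit address plus a 32-bit check hash split into 8 one-byte fragments, with the check hash and tag derived from SHA-256; the router addresses, tag width and helper names are constructed for the example.

```python
import hashlib
from itertools import product

K = 8  # fragments per router word (assumed: 4 address bytes + 4 check-hash bytes)

def _h(data: bytes, n: int) -> bytes:
    return hashlib.sha256(data).digest()[:n]

def router_marks(ip: bytes, tag_bits: int):
    """All (offset, fragment, tag) marks one router can write into packets."""
    word = ip + _h(b"chk" + ip, 4)           # address followed by its check hash
    # Hypothetical tag: top tag_bits of a 16-bit hash of the address.
    tag = int.from_bytes(_h(b"tag" + ip, 2), "big") >> (16 - tag_bits)
    return [(off, word[off], tag) for off in range(K)]

def reconstruct(marks, use_tags: bool):
    """Victim side: rebuild router addresses from marks seen at one distance.

    Returns (addresses accepted by the check hash, combinations tried)."""
    groups = {}                              # tag -> per-offset sets of fragments
    for off, frag, tag in marks:
        key = tag if use_tags else None      # untagged: every fragment in one pool
        slots = groups.setdefault(key, [set() for _ in range(K)])
        slots[off].add(frag)
    found, tried = set(), 0
    for slots in groups.values():
        for combo in product(*slots):        # one fragment per offset
            tried += 1
            ip, chk = bytes(combo[:4]), bytes(combo[4:])
            if _h(b"chk" + ip, 4) == chk:    # combination is self-consistent
                found.add(ip)
    return found, tried

# Constructed sample: four routers at the same distance on different attack paths.
ROUTERS = [bytes(b) for b in
           ([10, 1, 2, 3], [172, 16, 5, 9], [192, 0, 2, 77], [198, 51, 100, 200])]

def demo(tag_bits: int = 16):
    marks = [m for ip in ROUTERS for m in router_marks(ip, tag_bits)]
    return reconstruct(marks, use_tags=False), reconstruct(marks, use_tags=True)

if __name__ == "__main__":
    (plain, n_plain), (tagged, n_tagged) = demo()
    print(f"untagged: {n_plain} combinations, {len(plain)} addresses accepted")
    print(f"tagged:   {n_tagged} combinations, {len(tagged)} addresses accepted")
```

Calling `demo` with a smaller `tag_bits` makes routers share tags more often, so the tagged combination count climbs back toward the untagged one; with `tag_bits=0` the two are identical.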