A Path Information Caching and Aggregation Approach to Traffic Source Identification

Quantified Score

Visualization

Abstract

Probabilistic packet marking (PPM) is a techniquedesigned to identify packet traffic sources with lowstorage and processing overhead on network routers.In most previous PPM approaches, individual pathmessages carry only partial path information. Thesemethods are susceptible to "path falsification" attacks,which greatly reduce their effectiveness. This workproposes a path-falsification-attack free PPM algorithmcalled Path Information Caching and Aggregation(PICA) that records paths of packet streams in fix-lengthpath messages, thus eliminating the need ofpath reconstruction at the receiver end. Besides, byusing a router's forwarding table to decompose packetvolume, this semi-stateful method is more accurate intraffic volume report. It also supports both a packetrate-based path message generation algorithm and aredundant path message suppression mechanism tofurther eliminate path messages with the same destination.Finally, PICA protects PICA routers from beingattacked by faked path messages. We have performeda trace-driven simulation study on the proposed PICAalgorithm and compared its effectiveness with IETF'siTrace scheme by varying the sampling probability,the number of attack sources, and attack traffic rate.Compared to iTrace, the PICA algorithm reduces thetotal number of path messages required by a factorof more than 2, while reporting traffic volume moreaccurately.