Practical network support for IP traceback
Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Space/time trade-offs in hash coding with allowable errors
Communications of the ACM
Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
Efficient packet marking for large-scale IP traceback
Proceedings of the 9th ACM conference on Computer and communications security
Tracing Network Attacks to Their Sources
IEEE Internet Computing
A Formal Framework and Evaluation Method for Network Denial of Service
CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations
A Path Information Caching and Aggregation Approach to Traffic Source Identification
ICDCS '03 Proceedings of the 23rd International Conference on Distributed Computing Systems
A framework for classifying denial of service attacks
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Reference models for the concealment and observation of origin identity in store-and-forward networks
Tracing Anonymous Packets to Their Approximate Source
LISA '00 Proceedings of the 14th USENIX conference on System administration
Centertrack: an IP overlay network for tracking DoS floods
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Inferring internet denial-of-service activity
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
IEEE Transactions on Parallel and Distributed Systems
Coloring the Internet: IP Traceback
ICPADS '06 Proceedings of the 12th International Conference on Parallel and Distributed Systems - Volume 1
Dynamic Probabilistic Packet Marking with Partial Non-Preemption
UIC '08 Proceedings of the 5th international conference on Ubiquitous Intelligence and Computing
A proposal for new marking scheme with its performance evaluation for IP traceback
WSEAS Transactions on Computer Research
Information Security Journal: A Global Perspective
Security management with scalable distributed IP traceback
IM'09 Proceedings of the 11th IFIP/IEEE international conference on Symposium on Integrated Network Management
A hybrid scheme using packet marking and logging for IP traceback
International Journal of Internet Protocol Technology
Unified defense against DDoS attacks
NETWORKING'07 Proceedings of the 6th international IFIP-TC6 conference on Ad Hoc and sensor networks, wireless networks, next generation internet
A survey of IP traceback mechanisms to overcome denial-of-service attacks
ICNVS'10 Proceedings of the 12th international conference on Networking, VLSI and signal processing
A novel hybrid IP traceback scheme with packet counters
IDCS'12 Proceedings of the 5th international conference on Internet and Distributed Computing Systems
Hi-index | 0.00 |
Tracing DoS attacks that employ source address spoofing is an important and challenging problem. Traditional traceback schemes provide spoofed packets traceback capability either by augmenting the packets with partial path information (i.e., packet marking) or by storing packet digests or signatures at intermediate routers (i.e., packet logging). Such approaches require either a large number of attack packets to be collected by the victim to infer the paths (packet marking) or a significant amount of resources to be reserved at intermediate routers (packet logging). We adopt a hybrid traceback approach in which packet marking and packet logging are integrated in a novel manner, so as to achieve the best of both worlds, that is, to achieve a small number of attack packets to conduct the traceback process and a small amount of resources to be allocated at intermediate routers for packet logging purposes. Based on this notion, two novel traceback schemes are presented. The first scheme, called Distributed Link-List Traceback (DLLT), is based on the idea of preserving the marking information at intermediate routers in such a way that it can be collected using a link list-based approach. The second scheme, called Probabilistic Pipelined Packet Marking (PPPM), employs the concept of a "pipeline” for propagating marking information from one marking router to another so that it eventually reaches the destination. We evaluate the effectiveness of the proposed schemes against various performance metrics through a combination of analytical and simulation studies. Our studies show that the proposed schemes offer a drastic reduction in the number of packets required to conduct the traceback process and a reasonable saving in the storage requirement.