Abstract
The Probabilistic Packet Marking algorithm, one promising solution to the IP traceback problem, uses one fixed marking space to store router information. Since this fixed space is not sufficient for storing all routers' information, each router writes its information into packets chosen with probability p (so-called probabilistic marking). Probabilistic marking seems to be helpful in lowering router overhead; however, it also brings computation overhead for the victim when reconstructing the attack paths, and a large number of false positives. In this paper, we present a new approach for IP traceback, Deterministic Packet Marking Scheme with Link Signatures, which requires routers to mark all packets during forwarding (so-called deterministic marking). We study, through simulations, how much both the probabilistic and our deterministic packet marking schemes affect router overhead. The results confirm that our deterministic marking scheme will slightly lower router overhead, and besides, it has better performance than another improved probabilistic packet marking method, Advanced Marking Schemes. Further performance analysis and simulation results are given to show that our technique is superior in precision to previous work: it has almost zero false positive rate. It also has lower computation overhead for the victim and needs just a few packets to trace back attacks and to reconstruct the attack paths, even under large-scale distributed denial-of-service attacks. In addition, our scheme is simple to implement and supports incremental deployment.
This work is supported by the NSFC (National Natural Science Foundation of China – under Grant 60403028), and NSFS (Natural Science Foundation of Shaanxi – under Grant 2004F43).
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Yi, S., Xinyu, Y., Ning, L., Yong, Q. (2006). Deterministic Packet Marking with Link Signatures for IP Traceback. In: Lipmaa, H., Yung, M., Lin, D. (eds) Information Security and Cryptology. Inscrypt 2006. Lecture Notes in Computer Science, vol 4318. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11937807_12
DOI: https://doi.org/10.1007/11937807_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-49608-3
Online ISBN: 978-3-540-49610-6
eBook Packages: Computer Science (R0)