Abstract
Distributed Denial of Service (DDoS) attack is one of the remained problems that has still not solved. In most case, these attacks raise the flows of packets with spoofed IP, thus it is too hard to decide what packet is attack packet or not. Up to now, various studies have been proposed to defend against DDoS attacks. We don’t still have had a fitting solution to solve it. Abraham et al. presented Pi that is scheme to marks packet’s path.Pi is a scheme that marks traveling information of each packet on itself. Pi is a new, simple and robust approach but, Pi can have poor marking value filled with garbage when there are too small routers which participated in marking. This brings the loss of information. We propose a new marking approach that improves the previous Pi marking scheme. It has a higher accuracy value than previous Pi making.
This work was supported by grant No. (R05-2003-000-11235-0) from the Basic Research Program of the Korea Science & Engineering Foundation.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Ryan Naraine, M.: DDoS Attack Hit DNS Root Servers, eSecurityPlanet.com (October 2002), http://www.esecurityplanet.com/trends/article.php/10751_1486981
Inside the Slammer Worm, http://www.computer.org/security/v1n4/j4wea.htm
Denial of Service Attacks, CERT (1997)
Wang, X., Reiter, M.K.: Defending Against Denial-of-Service Attacks with Puzzle Auctions. In: Proceedings of the 2003 Security and Privacy Symposium (May 2003)
Ioannidis, J., Bellovin, S.M.: Implementing Pushback: Router-based defense against DDoS attacks. In: Proceedings of the Symposium on Network and Distributed Systems Security(NDSS 2002) (February 2002)
Sterne, D., Djahandari, K., Balupari, R., La Cholter, W., Babson, B., Wilson, B., Narasimhan, P., Purtell, A., Schnackenberg, D., Linden, S.: Active network based DDoS defense, pp. 193–203
Gustavo, L., Arruda, M.: Around Network Intrusion Prevention Systems
Park, K., Lee, H.: On the Effectiveness of RouteBased Packet Filtering for Distributed DoS Attack. In: Prevention in PowerLaw Internets SIGCOMM 2001, San Diego, California, USA (2001)
Kashiwa, D., Chen, E.Y., Fuji, H.: Active shaping: a countermeasure against DDoS attacks. In (ECUMN 2002) 2nd European Conference on, 8-10, April 2002, pp. 171–179 (2002)
Mirkovic, J., Reiher, P.: A Taxonomy of DDoS Attack and DDoS Defense Mechanisms
Peng, T., Leckie, C., Ramamohanarao, K.: Protection from Distributed Denial of Service Attack Using History-based IP Filtering
Xu, J., Lee, W.: Sustaining Availability of Web Services under Distributed Denial of Service Attacks
Perrig, A., Song, D., Yaar, A.: Pi: A Path Identification Mechanism to Defend against DDoS Attacks. In: Proceedings of the 2003 Security and Privacy Symposium (May 2003)
Perrig, A., Song, D., Yaar, A.: Pi: A new defense mechanism against IP spoofing and DDoS attacks, Technical Report CMU-CS-02-207, Carnegie Mellon University, School of computer Science (December 2002)
Skitter, C. (2000), http://www.caida.org/tools/measurement/skitter/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Lim, H., Hong, M. (2004). Effective Packet Marking Approach to Defend against DDoS Attack. In: Laganá, A., Gavrilova, M.L., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds) Computational Science and Its Applications – ICCSA 2004. ICCSA 2004. Lecture Notes in Computer Science, vol 3046. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24768-5_76
Download citation
DOI: https://doi.org/10.1007/978-3-540-24768-5_76
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22060-2
Online ISBN: 978-3-540-24768-5
eBook Packages: Springer Book Archive