Abstract
Denial of Service (DoS) attack has become a serious threat to the Internet today. In view of the increasing sophistication and severity of DoS attacks, the victim should be able to quickly identify the potential attackers and eliminate their traffic. To locate the source of an attack, we need to have an effective means to trace the paths of the attack packets. In this paper, we propose an IP traceback marking scheme that can efficiently trace the sources of distributed DoS attack. The marking scheme has a good performance in terms of its high success rate in tracing the attack sources. The proposed method generates no false positives and can cope with multiple attacks efficiently. It performs domain-based marking which involves only the participation of domain border routers. When compared with other marking schemes, it requires fewer packets for attack path reconstruction. Further, the inclusion of a checksum for the markings enables the victim to check for the integrity of the packet markings.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Lee, S.C., Shields, C.: Tracing the Source of Network Attack: A Technical, Legal and Societal Problem. In: Proc. 2001 IEEE Workshop on Information Assurance and Security, pp. 239–246. IEEE Press, Los Alamitos (2001)
Dean, D., Franklin, M., Stubblefield, A.: An Algebraic Approach to IP Traceback. ACM Transactions on Information and System Security 5(2), 119–137 (2002)
Savage, S., Wetherall, D., Karlin, A. and Anderson, T.: Practical Network Support for IP Traceback. In: Proc. 2000 ACM SIGCOMM (2000)
Song, D., Perrig, A.: Advanced and Authenticated Marking Schemes for IP Traceback. In: Proc. 2001 IEEE INFOCOM (2001)
Snoeren, A.C., Partridge, C., Sanchez, L.A., Jones, C.E., Tchakountio, F., Kent, S.T., Strayer, W.T.: Hash-Based IP Traceback. In: Proc. 2001 ACM SIGCOMM (2001)
Ferguson, P., Senie, D.: Network ingress filtering: Defeating denial of service attacks which employ IP source address spoofing. Internet Eng. Task Force RFC 2827 (2000)
Stone, R.: CenterTrack: An IP overlay network for tracking DoS floods. In: Proc. USENIX Security Symposium, pp. 199-212 (2000)
Burch, H., Cheswick, B.: Tracing anonymous packets to their approximate source. In: Proc. USENIX LISA Conference, pp. 319-327 (2000)
Bellovin, S., Leech, M., Taylor, T.: ICMP Traceback Messages. Internet Eng. Task Force; work in progress (2003)
Mankin, A., Massey, D., Wu, C.L., Wu, S.F., Zhang, L.: On Design and Evaluation of “Intention- Driven ICMP Traceback. In: Proc. IEEE International Conference on Computer Communications and Networks, pp. 159–165. IEEE CS Press, Los Alamitos (2001)
Judson, T.W.: Abstract algebra: theory and applications. PWS Pub. Co., Boston (1994)
Stoica, I., Zhang, H.: Providing guaranteed services without per flow management. In: Proc. ACM SIGCOMM, pp. 81-94 (1999)
Press, W.H., Flannery, B.P., Teukolsky, S.A., Vetterling, W.T.: Numerical Recipes in FORTRAN: The Art of Scientific Computing, pp. 83–84. Cambridge University Press, Cambridge (1992)
Theilmann, W., Rothermel, K.: Dynamics distance maps of the internet. In: Proc. 2000 IEEE INFOCOM, pp. 275–284 (2000)
Peng, T., Leckie, C., Ramamohanarao, K.: Adjusted Probabilistic Packet Marking for IP traceback. In: Proc. 2nd International IFIP-TC6 Networking Conference (2002)
Krawczyk, H., Bellare M. and Canetti, R.: HMAC: Keyed-hashing for message authentication. Internet RFC 2104 (1997)
Almquist, P.: Type of service in the internet protocol suite. RFC 1349
Lee, W., Park, K.: On the Effectiveness of Probabilistic Packet Marking for IP Traceback under Denial of Service Attack. In: Proc.2001 IEEE INFOCOM, pp. 338–347 (2001)
Alder, M.: Tradeoffs in Probabilistic Packet Marking for IP Traceback. In: Proc. 34th ACM Symposium of Theory of Computing, pp. 407–418. ACM Press, New York (2002)
Waldvogel, M.: GOSSIB vs. IP Traceback Rumors. In: Proc. 18th Annual Computer Security Applications Conference, pp. 5–13 (2002)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Lau, NS., Lee, MC. (2004). An Efficient Domain Based Marking Scheme for IP Traceback. In: Mammeri, Z., Lorenz, P. (eds) High Speed Networks and Multimedia Communications. HSNMC 2004. Lecture Notes in Computer Science, vol 3079. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-25969-5_100
Download citation
DOI: https://doi.org/10.1007/978-3-540-25969-5_100
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22262-0
Online ISBN: 978-3-540-25969-5
eBook Packages: Springer Book Archive