Openly accessible

Flexible deterministic packet marking: an IP traceback system to find the real source of attacks

Xiang, Yang, Zhou, Wanlei and Guo, Minyi 2009, Flexible deterministic packet marking: an IP traceback system to find the real source of attacks, IEEE transactions on parallel and distributed systems, vol. 20, no. 4, pp. 567-580.

Attached Files
Name Description MIMEType Size Downloads
zhou-flexibledeterministicpacket-2009.pdf Published version application/pdf 2.96MB 21

Title Flexible deterministic packet marking: an IP traceback system to find the real source of attacks
Author(s) Xiang, Yang
Zhou, Wanlei
Guo, Minyi
Journal name IEEE transactions on parallel and distributed systems
Volume number 20
Issue number 4
Start page 567
End page 580
Total pages 14
Publisher IEEE
Place of publication Piscataway, NJ
Publication date 2009-04
ISSN 1045-9219
1558-2183
Keyword(s) DDoS attacks
IP traceback
Performance evaluation
Routers
Security
Summary Internet Protocol (IP) traceback is the enabling technology to control Internet crime. In this paper, we present a novel and practical IP traceback system called Flexible Deterministic Packet Marking (FDPM), which provides a defense system with the ability to find out the real sources of attacking packets that traverse the network. While a number of other traceback schemes exist, FDPM provides innovative features to trace the source of IP packets and can obtain better tracing capability than others. In particular, FDPM adopts a flexible mark length strategy to make it compatible with different network environments; it also adaptively changes its marking rate according to the load of the participating router by a flexible flow-based marking scheme. Evaluations on both simulation and real system implementation demonstrate that FDPM requires a moderately small number of packets to complete the traceback process, adds little additional load to routers, and can trace a large number of sources in one traceback process with low false positive rates. The built-in overload prevention mechanism makes this system capable of achieving a satisfactory traceback result even when the router is heavily loaded. The motivation for this traceback system comes from DDoS defense. It has been used not only to trace DDoS attacking packets but also to enhance the filtering of attacking traffic. It has a wide array of applications for other security systems.
Language eng
Field of Research 080503 Networking and Communications
Socio Economic Objective 970108 Expanding Knowledge in the Information and Computing Sciences
HERDC Research category C1 Refereed article in a scholarly journal
ERA Research output type C Journal article
HERDC collection year 2009
Copyright notice ©2009, IEEE
Persistent URL http://hdl.handle.net/10536/DRO/DU:30028923

Document type: Journal Article
Collections: School of Information Technology
Open Access Collection
Unless expressly stated otherwise, the copyright for items in DRO is owned by the author, with all rights reserved.

Every reasonable effort has been made to ensure that permission has been obtained for items included in DRO. If you believe that your rights have been infringed by this repository, please contact drosupport@deakin.edu.au.

Citation counts: TR Web of Science Citation Count  Cited 16 times in TR Web of Science
Scopus Citation Count Cited 52 times in Scopus
Access Statistics: 434 Abstract Views, 22 File Downloads
Created: Wed, 26 May 2010, 19:32:06 EST by Sandra Dunoon
