A feasible IP traceback framework through dynamic deterministic packet marking

Yu, Shui, Zhou, Wanlei, Guo, Song and Guo, Minyi 2016, A feasible IP traceback framework through dynamic deterministic packet marking, IEEE transactions on computers, vol. 65, no. 5, pp. 1418-1427, doi: 10.1109/TC.2015.2439287.

Attached Files
Name Description MIMEType Size Downloads

Title A feasible IP traceback framework through dynamic deterministic packet marking
Author(s) Yu, ShuiORCID iD for Yu, Shui orcid.org/0000-0003-4485-6743
Zhou, WanleiORCID iD for Zhou, Wanlei orcid.org/0000-0002-1680-2521
Guo, Song
Guo, Minyi
Journal name IEEE transactions on computers
Volume number 65
Issue number 5
Start page 1418
End page 1427
Total pages 10
Publisher IEEE
Place of publication Piscataway, N.J.
Publication date 2016-05
ISSN 0018-9340
1557-9956
Keyword(s) cybersecurity
IP traceback
packet marking
scalability
Summary DDoS attack source traceback is an open and challenging problem. Deterministic packet marking (DPM) is a simple and effective traceback mechanism, but the current DPM based traceback schemes are not practical due to their scalability constraint. We noticed a factor that only a limited number of computers and routers are involved in an attack session. Therefore, we only need to mark these involved nodes for traceback purpose, rather than marking every node of the Internet as the existing schemes doing. Based on this finding, we propose a novel marking on demand (MOD) traceback scheme based on the DPM mechanism. In order to traceback to involved attack source, what we need to do is to mark these involved ingress routers using the traditional DPM strategy. Similar to existing schemes, we require participated routers to install a traffic monitor. When a monitor notices a surge of suspicious network flows, it will request a unique mark from a globally shared MOD server, and mark the suspicious flows with the unique marks. At the same time, the MOD server records the information of the marks and their related requesting IP addresses. Once a DDoS attack is confirmed, the victim can obtain the attack sources by requesting the MOD server with the marks extracted from attack packets. Moreover, we use the marking space in a round-robin style, which essentially addresses the scalability problem of the existing DPM based traceback schemes. We establish a mathematical model for the proposed traceback scheme, and thoroughly analyze the system. Theoretical analysis and extensive real-world data experiments demonstrate that the proposed traceback method is feasible and effective.
Language eng
DOI 10.1109/TC.2015.2439287
Field of Research 080109 Pattern Recognition and Data Mining
Socio Economic Objective 970108 Expanding Knowledge in the Information and Computing Sciences
HERDC Research category C1 Refereed article in a scholarly journal
ERA Research output type C Journal article
Copyright notice ©2016, IEEE
Persistent URL http://hdl.handle.net/10536/DRO/DU:30083624

Document type: Journal Article
Collections: School of Information Technology
2018 ERA Submission
Connect to link resolver
 
Unless expressly stated otherwise, the copyright for items in DRO is owned by the author, with all rights reserved.

Versions
Version Filter Type
Citation counts: TR Web of Science Citation Count  Cited 3 times in TR Web of Science
Scopus Citation Count Cited 6 times in Scopus
Google Scholar Search Google Scholar
Access Statistics: 251 Abstract Views, 2 File Downloads  -  Detailed Statistics
Created: Mon, 23 May 2016, 14:52:46 EST

Every reasonable effort has been made to ensure that permission has been obtained for items included in DRO. If you believe that your rights have been infringed by this repository, please contact drosupport@deakin.edu.au.