By Topic

IP traceback marking scheme based packets filtering mechanism

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
S. Y. Ping ; Comput. Sci. & Eng., Chinese Univ. of Hong Kong, China ; Lee Moonchuen

Denial of service attacks have become one of the most serious threats to the Internet community. One effective means to defend against such attacks is to locate the attack source(s) and to filter out the attack traffic. To locate the attack source(s), this paper proposes an adaptive packet marking scheme for IP traceback, which supports two types of marking. A participating border router would perform deterministic router id marking when a packet enters the network for the first time, and probabilistic domain id marking when it receives a packet from another domain. After collecting sufficient packets, the victim would reconstruct the attack graph incorporating attack paths and the source router(s) identified, with each node on the paths viewed as a domain. Based on the attack graph traced back we propose to let the filtering agent(s) inspect the markings inscribed in the received packets and filter the packets with a marking matching with the attack signatures. Simulation results show that the proposed marking scheme outperforms other IP traceback methods as it requires fewer packets for attack paths reconstruction, and can handle large number of attack sources effectively with relatively low false positives produced. Meanwhile, with the attack packets filtering mechanism, around 80% attack traffic would be removed and the normal traffic can be efficiently preserved in order to restore the victim's service.

Published in:

IP Operations and Management, 2004. Proceedings IEEE Workshop on

Date of Conference:

11-13 Oct. 2004