By Topic

NISp1-03: Robust and Scalable Deterministic Packet Marking Scheme for IP Traceback

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Lin, I. ; Dept. of Commun. Eng., Nat. Chiao Tung Univ., Hsinchu ; Tsern-Huei Lee

Deterministic packet marking (DPM) has recently been proposed as an alternative approach for IP traceback to identify the ingress router interfaces that receive and forward attack packets. Scalable, simple to implement, and no extra bandwidth required are the major advantages of DPM. Besides, it allows incremental deployment and service providers can implement it without revealing their internal network topology. Several DPM schemes have recently been proposed. Unfortunately, these schemes suffer from either a high false positive rate when there are multiple simultaneous attackers or a high false negative rate when packet loss happens because of congestion. In this paper, we propose and evaluate the false positive and false negative rates of a novel DPM scheme that is much scalable than the previous schemes. In the proposed DPM scheme, we use multiple hash functions to reduce the probability of address digest collision. Our analysis and computer simulations show that the proposed DPM scheme results in much smaller false positive rate than previous schemes. Moreover, by modifying the reconstruction procedure, one can control the false negative rate to combat packet loss with slight increase of false positive rate. With eight different kinds of marks, the expected number of packets required to reconstruct an interface address is only 22.

Published in:

Global Telecommunications Conference, 2006. GLOBECOM '06. IEEE

Date of Conference:

Nov. 27 2006-Dec. 1 2006