We are currently experiencing intermittent issues impacting performance. We apologize for the inconvenience.
By Topic

A Stateless Traceback Technique for Identifying the Origin of Attacks from a Single Packet

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

4 Author(s)
Moreira, M.D.D. ; Univ. Fed. do Rio de Janeiro, Rio de Janeiro, Brazil ; Laufer, R.P. ; Fernandes, N.C. ; Duarte, O.C.M.B.

Anonymity is one of the main motivations for conducting denial-of-service attacks. Currently, there is no mechanism to either identify the true source of an IP packet or to prove its authenticity. In this paper we propose a stateless IP traceback technique that identifies the origin network of each individual packet. We show that the proposed traceback system is the only one that scales with the number of attackers and also satisfies practical requirements, such as no state stored at routers and a header overhead (25 bits) that can be allocated in IPv4 header. The proposed system exploits the customer-provider hierarchy of the Internet at autonomous system (AS) level and introduces the idea of checkpoints, which are the two most important nodes in an AS-level path. Simulation results using a real-world topology trace show that the proposed system narrows the source of an attack packet down to less than two candidate ASes on average. In addition, considering a partial deployment scenario, we show that the proposed system is able to successfully trace more than 90% of the attacks if only 8% of the ASes (i.e., just the core ASes) implement the system. The achieved success rate is quite better than using the classical hop-by-hop path reconstruction.

Published in:

Communications (ICC), 2011 IEEE International Conference on

Date of Conference:

5-9 June 2011