Eagle Eyes: Protocol Independent Packet Marking Scheme to Filter Attack Packets and Reduce Collateral Damage During Flooding Based DoS and DDoS Attacks

2 Author(s)
Saurabh, S. ; Dept. of Comput. Sci., Indian Inst. of Technol. Patna, Patna, India ; Sairam, A.S.

Defences against Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks commonly respond to flooding by dropping excess traffic. Such rate limiting schemes drop all excess traffic when the request arrival rate goes above a certain empirically calculated threshold. Flooding based DoS/DDoS attacks like the TCP SYN attack do not exhibit any special signature except that their arrival rate is high enough to overwhelm the victim. Hence it is very difficult to differentiate between legitimate and attack traffic, as they share the same signature. As a result, rate limiting schemes cause heavy collateral damage by dropping legitimate traffic [15]. In this paper we propose a novel packet marking mechanism which not only mitigates DoS/DDoS attacks by filtering but also reduces collateral damage significantly by selectively dropping attack packets based on their packet marks while allowing the legitimate traffic to be processed smoothly. Our packet mark contains a fingerprint of the path in each single packet, which allows us to identify attack packets coming from various sources even in the case of IP spoofing. Our scheme does not require any protocol specific knowledge and can generically filter out attack packets for all kinds of flooding attacks. We have extensively evaluated our packet marking scheme. Results show the effectiveness of our scheme in filtering attack traffic. Our scheme inflicts extremely low collateral damage on legitimate traffic while quickly detecting and selectively filtering attack traffic.

Published in:

Computer and Communication Technology (ICCCT), 2012 Third International Conference on

Date of Conference:

23-25 Nov. 2012