Title:
Scalable Hash-based IP Traceback Using Rate-limited Probabilistic Packet Marking
Author(s)
Sung, Minho
Chiang, Jason
Xu, Jun
Abstract
Recent surveys show that DDoS attacks are still one of
the major threats to Internet security. Many techniques have
been proposed to trace the origin of attack packets, known as
the IP traceback problem, using either hash-based packet logging or
probabilistic packet marking (PPM). However, both approaches have
scalability problems under heavy DDoS attacks in terms
of space and computational overhead. In this paper, we
propose a novel scalable IP traceback scheme that combines the
advantages of both packet logging and marking to balance the
overheads at the routers and at the victim, making it scalable for both
sides. The baseline idea of our approach is to sample a very
small percentage (e.g., 1%) of packets at the routers and save
the digests of only the sampled packets. At the same time, the routers
write their signature, using a very simple marking scheme, into the
marking field of sampled IP packets, sending the "information
of logging" to the victim in a probabilistic way to help the traceback
procedure. We also propose a heuristic technique to improve the
performance of the marking scheme. As a result, the number
of attack packets the victim must collect for the traceback
procedure to achieve a high level of traceback accuracy is much
smaller than in previous PPM schemes, and the
computational and storage overhead at the routers is much lower
than in the previous packet logging approach.
Date Issued
2006
Resource Type
Text
Resource Subtype
Technical Report