Title :
FIT: fast Internet traceback
Author :
Yaar, Abraham ; Perrig, Adrian ; Song, Dawn
Author_Institution :
Carnegie Mellon Univ., Pittsburgh, PA, USA
Abstract :
Traceback mechanisms are a critical part of the defense against IP spoofing and DoS attacks, as well as being of forensic value to law enforcement. Currently proposed IP traceback mechanisms are inadequate to address the traceback problem for the following reasons: they require DDoS victims to gather thousands of packets to reconstruct a single attack path; they do not scale to large scale distributed DoS attacks; and they do not support incremental deployment. We propose fast Internet traceback (FIT), a new packet marking approach that significantly improves IP traceback in several dimensions: (1) victims can identify attack paths with high probability after receiving only tens of packets, a reduction of 1-3 orders of magnitude compared to previous packet marking schemes; (2) FIT performs well even in the presence of legacy routers, allowing every FIT-enabled router in path to be identified; and (3) FIT scales to large distributed attacks with thousands of attackers. Compared with previous packet marking schemes, FIT represents a step forward in performance and deployability.
Keywords :
IP networks; Internet; large-scale systems; probability; quality of service; telecommunication network routing; FIT; IP spoofing; IP traceback mechanism; fast Internet traceback; large scale distributed DoS attacks; law enforcement; legacy routers; packet marking approach; probability; Computer crime; Costs; Domain Name System; Environmental economics; Forensics; Frequency; Internet; Large-scale systems; Law enforcement; Protection;
Conference_Titel :
INFOCOM 2005. 24th Annual Joint Conference of the IEEE Computer and Communications Societies. Proceedings IEEE
Print_ISBN :
0-7803-8968-9
DOI :
10.1109/INFCOM.2005.1498364
