IP Traceback by Packet Marking Method with Bloom Filters

Author

Takurou, Hosoi ; Matsuura, Kanta ; Imai, H.

Author_Institution

Univ. of Tokyo, Tokyo

fYear

2007

fDate

8-11 Oct. 2007

Firstpage

255

Lastpage

263

Abstract

IP traceback techniques are tracing methods which identify (candidate(s) of) the real sender of the packet(s) on the Internet, in which senders can freely spoof the source address written in the packet header. Many previous works have been done, but for postmortem tracing, some of them need a storage with large capacity and fast operation speed, and others need a number of packets to trace successfully. Aiming to diminish these shortcomings, we propose an IP traceback technique by a packet marking method with Bloom filters, which can trace a single packet postmortem without a large capacity storage. We evaluated the mean false positive rate of this method on a simple network topology, and find out that a single packet can be traced in a network with a few thousand routers if we use 16 bits for marking area and the false positive rate of one half is permitted.

Keywords

IP networks; Internet; filtering theory; security of data; telecommunication security; IP traceback; Internet; bloom filters; packet marking method; postmortem tracing; security; Computer crime; Data security; IP networks; Information filtering; Information filters; Information security; Internet; Network topology; Protocols; Telecommunication traffic; IP traceback; Internet; Packet marking; Security;

fLanguage

English

Publisher

ieee

Conference_Titel

Security Technology, 2007 41st Annual IEEE International Carnahan Conference on

Conference_Location

Ottawa, Ont.

Print_ISBN

978-1-4244-1129-0

Type

conf

DOI

10.1109/CCST.2007.4373498

Filename

4373498