Efficient AS DoS traceback

In the last decade, denial of service (DoS) becomes one of the most significant security threats in the Internet. The existing limitations of the Internet protocols and the available tools make DoS attack easy to launch and effective in damage. There are many different forms of DoS attack and size of attack could be varying from simple single attacker to a distributed denial of service (DDoS) where many compromised machines are involved. For example, the identity of the attacker could be forged by sending spoofed packets to confuse any traceback system. Identify the origin of the attack is known as traceback which is part of DoS mitigation. Many techniques have been proposed to traceback the origin of attack. Probabilistic packet marking (PPM) is one of the promising traceback techniques. It provides the full attack path by encoding of IP address of each router along the path. However, PPM encounters problems such as required number of packets to reconstruct the attack path is high. Number of required packets is significantly affected by the choice of the marking probability. In addition, involving all routers in marking would disclose the topology of the ISPs. This paper proposes a new efficient autonomous system (AS) traceback (EAST) technique to identify the AS of the attacker by probabilistically mark the packets. Our results show less number of required packets for path reconstruction comparing to PPM and other AS traceback techniques.