Title :
A new scheme for IP traceback under DoS attack
Author :
Hai-tao, Llan ; Liu-sheng, Huang ; Yun-fei, Lei ; Guo-liang, Chen
Author_Institution :
Dept. of Comput. Sci. & Technol., Univ. of Sci. & Technol. of China, China
Abstract :
The problem of identifying the sources of a denial of service attack is among the hardest in the Internet security area, since attackers often use spoofed source IP addresses. We present a new scheme called MAC-based probabilistic packet marking (MPPM) for IP traceback under DoS attack. A router marks the packets stochastically with fragments of an edge composed of itself and the next hop router. Message authentication code (MAC) is used to link and authenticate fragments of routers´ addresses in the marked attack packets. The main advantage of MPPM over known PPM schemes includes less attack packets required to converge, linear computation overhead and more precision. Moreover the optional authentication mechanism provides robustness against faked marks. MPPM also features low router cost and supports incremental deployment.
Keywords :
IP networks; Internet; computer crime; message authentication; probability; telecommunication network routing; telecommunication security; telecommunication services; DDoS attack; IP traceback; Internet security; MAC; MAC-based probabilistic packet marking; MPPM; distributed denial of service attack; message authentication code; spoofed source IP address; Bandwidth; Computer crime; Computer science; Computer security; Costs; Filtering; Message authentication; Power system security; Robustness; Web and internet services;
Conference_Titel :
Parallel and Distributed Computing, Applications and Technologies, 2003. PDCAT'2003. Proceedings of the Fourth International Conference on
Print_ISBN :
0-7803-7840-7
DOI :
10.1109/PDCAT.2003.1236285
