Network Attack Detection and Mitigation

Resource exhaustion attacks or denial of service attacks (DoS) have emerged as a major way to compromise the availability of servers and interrupt legitimate online services. IP trace back refers to the problem of identifying the source of such attacks. Packet marking is a general technique to trace back attackers. The main idea in packet marking is to insert some trace back data in each packet. The general technique used is to encode the IP address of the edge router into each incoming packet and store it in the 16-bit ID field of the IP packet header. Since information of a 32-bit field is converted to a 16-bit field, irrespective of the hash function used, collisions occur. This means there will be false positives (that is incorrectly identifying a legitimate user as attacker) and the problem will escalate as the size of the network increase. To avoid such collisions, we propose to explore the feasibility of using packet marks that is not directly dependant on the IP address of the packet.