• DocumentCode
    608010
  • Title

    Deterministic and Authenticated Flow Marking for IP Traceback

  • Author

    Foroushani, Vahid Aghaei ; Zincir-Heywood, A. Nur

  • Author_Institution
    Fac. of Comput. Sci., Dalhousie Univ., Halifax, NS, Canada
  • fYear
    2013
  • fDate
    25-28 March 2013
  • Firstpage
    397
  • Lastpage
    404
  • Abstract
    In this paper, we present a novel approach to IP traceback, Deterministic Flow Marking (DFM), which allows the victim to trace back the origin of incorrect or spoofed source addresses up to the attacker node, even if the attack originated from a network behind a NAT or a proxy server. DFM is scalable and simple to implement, and it is capable of tracing thousands of simultaneous distributed attacks in near real time. Moreover, it has a small footprint, resulting in low processing and memory overhead at the victim machines and edge routers. Additionally, DFM provides optional authentication, so that a compromised router cannot forge the markings of other uncompromised routers. Our results show that DFM can reach a ~99% traceback rate with no false positives.
  • Keywords
    Internet; computer network security; protocols; DFM; IP traceback; Internet protocol; authenticated flow marking; authentication; deterministic flow marking; distributed attack; edge router; Educational institutions; IP networks; Image edge detection; Internet; Network interfaces; Niobium; Probabilistic logic; Authenticated Flow Marking; DDoS Attacks; Deterministic Flow Marking; Flow Base IP Traceback; Security;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Advanced Information Networking and Applications (AINA), 2013 IEEE 27th International Conference on
  • Conference_Location
    Barcelona
  • ISSN
    1550-445X
  • Print_ISBN
    978-1-4673-5550-6
  • Electronic_ISBN
    1550-445X
  • Type

    conf

  • DOI
    10.1109/AINA.2013.60
  • Filename
    6531783