DocumentCode
687569
Title
A dynamical Deterministic Packet Marking scheme for DDoS traceback
Author
Shui Yu ; Wanlei Zhou ; Song Guo ; Minyi Guo
Author_Institution
Sch. of IT, Deakin Univ., Melbourne, VIC, Australia
fYear
2013
fDate
9-13 Dec. 2013
Firstpage
729
Lastpage
734
Abstract
DDoS attack source traceback is an open and challenging problem. Deterministic packet marking (DPM) is a simple and relatively effective traceback scheme among the available traceback methods. However, the existing DPM schemes inheret a critical drawback of scalability in tracing all possible attack sources, which roots at their static mark encoding and attempt to mark all Internet routers for their traceback purpose. We find that a DDoS attack session usually involves a limited number of attack sources, e.g. at the thousand level. In order to achieve the traceback goal, we only need to mark these attack related routers. We therefore propose a novel Marking on Demand (MOD) scheme based on the DPM mechanism to dynamical distribute marking IDs in both temporal and space dimensions. The proposed MOD scheme can traceback to all possible sources of DDoS attacks, which is not possible for the existing DPM schemes. We thoroughly compare the proposed MOD scheme with two dominant DPM schemes through theoretical analysis and experiments. The the results demonstrate that the MOD scheme outperforms the existing DPM schemes.
Keywords
Internet; computer network security; telecommunication network routing; DDoS attack session; DDoS attack source traceback; DPM scheme; IP traceback; Internet routers; MOD scheme; dynamical deterministic packet marking scheme; marking-on-demand scheme; static mark encoding; Computer crime; IP networks; Information systems; Internet; Scalability; Servers; DDoS; Deterministic packet marking; traceback;
fLanguage
English
Publisher
ieee
Conference_Titel
Global Communications Conference (GLOBECOM), 2013 IEEE
Conference_Location
Atlanta, GA
Type
conf
DOI
10.1109/GLOCOM.2013.6831159
Filename
6831159
Link To Document