Abstract
Defense against distributed denial-of-service attacks is one of the hardest security problems on the Internet. Among those problems, the most difficult problem is to trace the attacks back to its origin for the attackers always use incorrect or spoofed IP addresses in the attack packets. In this paper, we propose a multiedge marking scheme, which allow the victim to traceback to or near to the origin of the attackers with the help of the network administrator. The scheme features high performance efficiency and no false positive. Compared with the previous solutions, it has high precision and low computation overhead for victim to reconstruct the attack paths. Base on this marking scheme, DDoS Scouter is developed.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
W. Theilmann, et al., “Dynamic Distance Maps of the Internet”, Proc. IEEE INFOCOM’00, Tel Aviv, Israel, March, 2000.
J. Postel, “Internet Protocol”, RFC791, Sep. 1981.
A. C. Snoeren, et al., Hash-based IP Traceback, SIGCOMM’01, August 27–31, 2001, San Diego, California, USA.
Rocky K. C, Defending against Flooding-Based Distributed Denial-of-Service Attacks: A Tutorial, IEEE Communications Magazine, October 2002.
S. Savage, et al., Network Support for IP Traceback, IEEE/ACM Transactions on Networking, Vol.9, No. 3, Jun. 2001.
J. Mogul, et al., “Path MTU discovery”, RFC1191, 1990.
H. Krawczyk, et al., HMAC: Keyed-hashing for message authentication, Internet RFC 2104, February 1997.
R. L. Rivest, The MD5 message digest algorithm, RFC 1321, Internet Activities Board, Internet Privacy Task Force, April 1992, 1992.
Steve Bellovin, The icmp traceback message, http://www.research.att.com/?smb, 2000.
P. Ferguson, et al., Network ingress filtering: Defeating denial of service attacks which employ ip source address spoofing, RFC 2267, January 1998.
Hal Burch, et al., “Tracing anonymous packets to their approximate source”, Unpublished paper, December 1999.
Robert Stone, Centertrack: An ip overlay network for tracking dos floods, Unpublished, October 1999.
Drew Dean, et al., An algebraic approach to ip traceback, in Network and Distributed System Security Symposium, NDSS’ 01, February 2001.
D. X. Song, et al., Advanced and Authenticated Marking Schemes for IP Traceback, Proc. IEEE INFOCOM’01, April, 2001.
D. Moore, et al., Inferring Internet Denial-of-Service Activity, Proc. Of the 10th USENIX Security Symposium, Washington, D.C., USA, August, 2001.
H. Wang, et al., “Detecting SYN Flooding Attacks”, Proc. IEEE INFOCOM’02, 2002.
R. L. Carter, et al., Dynamic Server Selection Using Dynamic Path Characterization in Wide-Area Networks, Proc. IEEE INFOCOM’97, Kobe, Japan, April, 1997.
M. T. Goodrich, Efficient Packet Marking for Large-Scale IP Traceback, CCS’02, November 18–22, 2002, Washington, DC, USA.
A. Ramanathan, et al., WADeS: A Tool for Distributed Dennial of Service Attack Detection, ACM SIGCOMM Internet Measurement Workshop 2002.
C. Manikopoulo, et al., Network Intrusion and Fault Detection: A Statistical Anomaly Approach, IEEE Communications Magazine, October, 2002.
G. Vigna, et al., NetSTAT: A Network-based Intrusion Detection Approach, Proc. 14th An. Comp. Sec. App. Conf., 1998.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Kluwer Academic Publishers
About this chapter
Cite this chapter
Kai, C., Xiaoxin, H., Ruibing, H. (2004). DDoS Scouter: A Simple IP Traceback Scheme. In: Chen, K. (eds) Progress on Cryptography. The International Series in Engineering and Computer Science, vol 769. Springer, Boston, MA. https://doi.org/10.1007/1-4020-7987-7_30
Download citation
DOI: https://doi.org/10.1007/1-4020-7987-7_30
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4020-7986-3
Online ISBN: 978-1-4020-7987-0
eBook Packages: Springer Book Archive