PTrace: Pushback/SVM Based ICMP Traceback Mechanism against DDoS Attack

  • Hyung-Woo Lee
  • Min-Goo Kang
  • Chang-Won Choi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3043)


DDoS attacks prevent users from accessing services on the target network by flooding it with a large volume of traffic whose source addresses are spoofed. The objective of IP Traceback is to determine the real attack sources, as well as the full path taken by the attack packets. In this paper, we propose an "advanced ICMP Traceback" mechanism, which is based on the modified Pushback/SVM system (pTrace). The proposed mechanism can detect and control DDoS traffic on the router and can generate ICMP Traceback messages for reconstructing the original attack source.


Congestion Signature, Attack Packet, Hacking Attack, Victim System, Router Address
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Hyung-Woo Lee (1)
  • Min-Goo Kang (2)
  • Chang-Won Choi (2)
  1. Dept. of Software, Hanshin University, Gyunggi, Korea
  2. Hanshin University, Gyunggi, Korea
