NISp1-05: RIM: Router Interface Marking for IP Traceback

Author

Chen, Ruiliang ; Park, Jung-Min ; Marchany, Randolph

Author_Institution

Lab. for Adv. Res. in Inf. Assurance & Security, Virginia Polytech. Inst. & State Univ., Blacksburg, VA

fYear

2006

fDate

Nov. 27 2006-Dec. 1 2006

Firstpage

1

Lastpage

5

Abstract

Distributed Denial-of-Service (DDoS) attacks have become a major threat to the Internet. As a countermeasure against DDoS attacks, IP traceback schemes identify the network paths the attack traffic traverses. This paper presents a novel IP traceback scheme called Router Interface Marking (RIM). In RIM, a router probabilistically marks packets with a router interface´s identifier. After collecting the packets marked by each router in an attack path, a victim machine can use the information in the marked packets to trace back to the attack source. Different from most existing IP traceback schemes, RIM marks packets with the information of router interfaces rather than that of router IP addresses. This difference endows RIM with several advantageous features, including fast traceback speed, last-hop traceback capability, small computation overhead, low occurrence of false positives, and enhanced security.

Keywords

IP networks; Internet; routing protocols; telecommunication security; IP traceback; Internet; RIM; distributed denial-of-service attack; router interface marking scheme; Computer crime; Computer interfaces; Computer networks; Computer security; Filtering; Information security; Information technology; Internet; Laboratories; Secure storage;

fLanguage

English

Publisher

ieee

Conference_Titel

Global Telecommunications Conference, 2006. GLOBECOM '06. IEEE

Conference_Location

San Francisco, CA

ISSN

1930-529X

Print_ISBN

1-4244-0356-1

Electronic_ISBN

1930-529X

Type

conf

DOI

10.1109/GLOCOM.2006.312

Filename

4150942