Performance of IP address fragmentation strategies for DDoS traceback

Author

Hamadeh, Ihab ; Kesidis, Geor-ee

Author_Institution

Dept. of Comput. Sci. & Eng., Pennsylvania State Univ., University Park, PA, USA

fYear

2003

fDate

1-3 Oct. 2003

Firstpage

1

Lastpage

7

Abstract

Distributed denial-of-service (DDoS) attacks are among the most difficult and damaging security problems that the Internet currently faces. The component problems for an end-system that is the victim of a DDoS attack are: determining which incoming packets are part of the attack (intrusion detection); tracing back to find the origins of the attack (i.e., "traceback"); taking action to mitigate or stop the attack at the source by configuring firewalls or taking some kind of punitive measures. The preferable solution to these problems operates in real time so that a DDoS attack can be mitigated before the victim is seriously harmed. The paper focuses on the technique of packet marking/overloading for automated DDoS traceback which is a complex problem simply because attackers can use spoof source IP addresses in their attacking packets. A new packet marking strategy is proposed and is shown to yield better results in terms of complexity and performance.

Keywords

Internet; authorisation; computational complexity; telecommunication security; DDoS traceback; IP address fragmentation strategies; Internet; complexity; distributed DoS; distributed denial-of-service; firewalls; intrusion detection; packet marking; packet overloading; punitive measures; security problems; spoof source IP addresses; Availability; Computer crime; Computer hacking; Computer science; Computer security; Debugging; Face detection; Internet; Intrusion detection; Web server;

fLanguage

English

Publisher

ieee

Conference_Titel

IP Operations & Management, 2003. (IPOM 2003). 3rd IEEE Workshop on

Print_ISBN

0-7803-8199-8

Type

conf

DOI

10.1109/IPOM.2003.1251217

Filename

1251217