Title :
An IP traceback technique against denial-of-service attacks
Author :
Chen, Zhaole ; Lee, Moon-Chuen
Author_Institution :
Dept. of Comput. Sci. & Eng., Chinese Univ. of Hong Kong, China
Abstract :
The reflector attack [Vern Paxson (2001)] is one of the most serious types of denial-of-service (DoS) attacks. It can hardly be traced by contemporary traceback techniques, since the marked information written by any routers between the attacker and the reflectors is lost in the reply packets from the reflectors. We propose a reflective algebraic marking scheme for tracing DoS and DDoS attacks, as well as reflector attacks. The proposed marking scheme contains three algorithms, namely the marking, reflection and reconstruction algorithms, which have been well tested through extensive simulation experiments. The results show that the marking scheme can achieve high performance in tracing the sources of the potential attack packets. In addition, it produces negligible false positives, whereas other current methods usually produce a certain amount of false positives.
Keywords :
IP networks; computer crime; DDoS attacks; IP traceback technique; denial-of-service attacks; marking algorithm; reconstruction algorithm; reflection algorithm; reflective algebraic marking; reflector attacks; Broadcasting; Computer crime; Computer science; Floods; Reconstruction algorithms; Reflection; Telecommunication traffic; Testing;
Conference_Title :
Computer Security Applications Conference, 2003. Proceedings. 19th Annual
Print_ISBN :
0-7695-2041-3
DOI :
10.1109/CSAC.2003.1254314