Title :
FC-DERM: Fragmentation compatible deterministic edge router marking
Author :
Saurabh, Samant ; Sairam, Ashok Singh
Author_Institution :
Dept. of Comput. Sci., Indian Inst. of Technol., Patna, Patna, India
Abstract :
Distributed Denial-of-Service (DDoS) attacks are one of the major threats the Internet is facing today. The problem of tracing the attackers is particularly difficult since attackers spoof the source addresses. Researchers all over the world have proposed several packet marking based techniques for DDoS attack mitigation using IP Traceback, however even after a decade of active research no commercial product incorporates any of these packet marking techniques; either because they add overhead in network traffic or they break some of the existing internet features like IP fragmentation. In this paper, we propose a novel scheme which performs IP Traceback but adds no space overhead and yet is fragmentation compatible. We show that our scheme produces negligible false positive and causes almost no collision in ID field for fragmentation and reassembly. As this scheme is simple to implement and has very less processing and storage overhead at the victim and routers, it makes it a suitable candidate for widespread acceptance in the internet community and industry for DDoS attack prevention and mitigation.
Keywords :
Internet; security of data; telecommunication network routing; telecommunication security; telecommunication traffic; DDoS attack mitigation; FC-DERM; IP fragmentation; IP traceback; Internet community; deterministic edge router marking; distributed denial-of-service; fragmentation compatible; network traffic; packet marking; Computer crime; Delay; IP networks; Indexes; Internet; Routing protocols; DDoS; DoS; Edge Routers; Fragmentation compatible IP Traceback and RTT; Hashing; Packet Marking;
Conference_Titel :
Communications (APCC), 2011 17th Asia-Pacific Conference on
Conference_Location :
Sabah
Print_ISBN :
978-1-4577-0389-8
DOI :
10.1109/APCC.2011.6152917
