Title :
DDPM: Dynamic Deterministic Packet Marking for IP Traceback
Author :
Shokri, Reza ; Varshovi, Ali ; Mohammadi, Hossein ; Yazdani, Nasser ; Sadeghian, Babak
Author_Institution :
Dept. of Electr. & Comput. Eng., Tehran Univ.
Abstract :
This paper introduces the concepts of Dynamic Marking and Mark-based Detection to the field of IP Traceback. In Dynamic Marking it is possible to find the attack agents in a large scale DDoS network. Moreover, in the case of a DRDoS it enables the victim to trace the attack one step further back to the source, to find a master machine or the real attacker with only a few numbers of packets. The proposed marking procedure increases the possibility of DRDoS attack detection at the victim through Mark-based Detection. In Mark-based method, the detection engine takes into account the marks of the packets to identify varying sources of a single site involved in a DDoS attack. This significantly increases the probability of detection. In order to satisfy the end-to-end arguments approach, fate-sharing and also respect to the need for scalable and applicable schemes, only edge routers implement our simple marking procedure. The delay and bandwidth overhead added to the edge routers is fairly negligible.
Keywords :
IP networks; probability; routing protocols; DDPM; DDoS network; DRDoS; IP traceback; detection probability; dynamic deterministic packet marking; edge routers; Bandwidth; Computer crime; Data security; Delay; Engines; Internet; Laboratories; Large-scale systems; Protocols; Telecommunication traffic; DDoS; DRDoS; Dynamic Marking; IP Traceback; Mark-Based Detection;
Conference_Titel :
Networks, 2006. ICON '06. 14th IEEE International Conference on
Conference_Location :
Singapore
Print_ISBN :
0-7803-9746-0
DOI :
10.1109/ICON.2006.302640
