Title :
Deterministic and Authenticated Flow Marking for IP Traceback
Author :
Foroushani, Vahid Aghaei ; Zincir-Heywood, A. Nur
Author_Institution :
Fac. of Comput. Sci., Dalhousie Univ., Halifax, NS, Canada
Abstract :
In this paper, we present a novel approach to IP trace back - Deterministic Flow Marking (DFM) - which allows the victim to trace back the origin of incorrect or spoofed source addresses up to the attacker node, even if the attack has been originated from a network behind a NAT or a proxy server. DFM is scalable and simple to implement, it is capable of tracing thousands of simultaneous distributed attacks in near real time. Moreover, it has a small footprint, resulting in low processing and memory overhead at the victim machines and edge routers. Additionally, DFM provides an optional authentication, so that a compromised router cannot forge markings of other uncompromised routers. Our results show that DFM can reach to ~99% trace back rate with no false positives.
Keywords :
Internet; computer network security; protocols; DFM; IP traceback; Internet protocol; authenticated flow marking; authentication; deterministic flow marking; distributed attack; edge router; Educational institutions; IP networks; Image edge detection; Internet; Network interfaces; Niobium; Probabilistic logic; Authenticated Flow Marking; DDoS Attacks; Deterministic Flow Marking; Flow Base IP Traceback; Security;
Conference_Titel :
Advanced Information Networking and Applications (AINA), 2013 IEEE 27th International Conference on
Conference_Location :
Barcelona
Print_ISBN :
978-1-4673-5550-6
Electronic_ISBN :
1550-445X
DOI :
10.1109/AINA.2013.60
