Show simple item record

dc.contributor.authorSung, Minho
dc.contributor.authorChiang, Jason
dc.contributor.authorXu, Jun
dc.date.accessioned2007-05-10T20:51:13Z
dc.date.available2007-05-10T20:51:13Z
dc.date.issued2006
dc.identifier.urihttp://hdl.handle.net/1853/14347
dc.description.abstractRecent surveys show that DDoS attack is still one of the major threats to the Internet security. Many techniques have been proposed to trace the origin of attacking packets, known as IP traceback problem, using either hash-based packet logging or probabilistic packet marking. However, both approaches have scalability problems under the heavy DDoS attacks in terms of the space and computational overheads. In this paper, we propose a novel scalable IP Traceback scheme by utilizing the advantage of both packet logging and marking to balance the overheads at routers and at the victim, hence scalable for both sides. The baseline idea of our approach is to sample a very small percentage (e.g., 1%) of packets at the routers, and save the digests of only sampled packets. At the same time, the routers mark their signature using very simple marking scheme into the marking field of sampled IP packets to send out the "information of logging" to the victim in probabilistic way to help the traceback procedure. We also propose a heuristic technique to improve the performance of the marking scheme. In the result, the number of attacking packets the victim should collect for the traceback procedure to achieve high level of traceback accuracy is much less than the numbers in previous PPM schemes, and also the computational and storage overhead in routers are much less than previous packet logging approach.en
dc.language.isoen_USen
dc.publisherGeorgia Institute of Technologyen
dc.relation.ispartofseriesSCS Technical Report ; GIT-CSS-06-08en
dc.subjectDistributed denial of service (DDoS)en
dc.subjectIP tracebacken
dc.subjectPacket logging and markingen
dc.subjectRoutersen
dc.titleScalable Hash-based IP Traceback Using Rate-limited Probabilistic Packet Markingen
dc.typeTechnical Reporten
dc.contributor.corporatenameGeorgia Institute of Technology. College of Computing


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record