Reflective Probabilistic Packet Marking Scheme for IP Traceback
Related papers
Reflective Probabilistic Packet Marking Scheme for IP Traceback (Special Issue: Computer Security Technologies for Confronting New Threats)
This paper describes the design and implementation of the Reflective Probabilistic Packet Marking (RPPM) scheme, which is a traceback scheme against distributed denial-of-service (DDoS) attacks. Attacks include traffic laundered by reflectors, which are sent false requests by attackers posing as a victim. Reflectors are among the hardest security problems on today's Internet. One promising solution to tracing the origin of attacks, the probabilistic packet marking (PPM) scheme, has been proposed. However, conventional PPM cannot work against reflector attacks (the reflector problem). Also, it encodes a mark into the IP Identification field, which disables the use of ICMP (the encoding problem). RPPM is a solution to both the reflector and encoding problems. We have extended PPM to render reflectors ineffectual by reflecting marking statistics of incoming packets at reflectors in order to trace the origin of the attacks. Furthermore, we have encoded a mark into the IP option field without reducing necessary information. Thus, RPPM can trace back beyond reflectors, ensures ICMP compatibility, and eliminates the possibility of failure in attack path reconstruction. Simulation results and our implementation based on Linux demonstrated that RPPM retains the semantics of conventional PPM on a path between an attacker and a reflector, and its performance is feasible for practice.
AN EFFICIENT IP TRACEBACK THROUGH PACKET MARKING ALGORITHM
2010
Denial-of-service (DoS) attacks pose an increasing threat to today's Internet. One major difficulty in defending against distributed denial-of-service attacks is that attackers often use fake, or spoofed, IP addresses as the IP source address. The probabilistic packet marking (PPM) algorithm allows the victim to trace back the appropriate origin of spoofed IP source address to disguise the true origin. In this paper we propose a technique that encodes the packets more efficiently than the Savage probabilistic packet marking algorithm and reconstruction of the attack graph. This enhances the reliability of the probabilistic packet marking algorithm.
Adaptive probabilistic packet marking scheme for IP traceback
2014 World Congress on Computer Applications and Information Systems (WCCAIS), 2014
IP Traceback is a fundamental mechanism in defending against cyber-attacks, in particular denial of service (DoS) attacks. Many schemes have been proposed in the literature; in particular, Probabilistic Packet Marking (PPM) schemes were at the center of researchers' attention given their scalability and thus their ability to trace distributed attacks such as distributed denial of service (DDoS) attacks. A major issue in PPM-based schemes is the fixed marking probability, which reduces the probability of getting marked packets from routers far away from the victim, given that their marked packets have a higher probability of being re-marked by routers near the victim. This increases the number of packets required to reconstruct the attack path. In this paper, we propose a simple yet efficient solution for this issue by letting the routers adapt their marking probability based on the number of packets they have previously re-marked. We compare our scheme to the original PPM through extensive simulations. The results clearly show the improvement brought by our proposed marking scheme.
On the (in) effectiveness of Probabilistic Marking for IP Traceback under DDoS Attacks
2007
Distributed denial-of-service (DDoS) attacks pose an immense threat to the Internet. The most studied solution is to let routers probabilistically mark packets with partial path information during packet forwarding, which is referred to as Probabilistic Packet Marking (PPM). In this paper, we study the effect of simple attacker strategies to spoof the markings to impede the victim's capacity to trace back. We show that random marking is sufficient to impede the victim from tracing the attackers.
Survey on Packet Marking Algorithms for IP Traceback
Oriental Scientific Publishing Company, 2017
Distributed Denial of Service (DDoS) attack is an unavoidable attack. Among various attacks on the network, DDoS attacks are difficult to detect because of IP spoofing. The IP traceback is the only technique to identify DDoS attacks. The path affected by a DDoS attack is identified by IP traceback approaches like the Probabilistic Packet Marking (PPM) algorithm and the Deterministic Packet Marking (DPM) algorithm. The PPM approach finds the complete attack path from victim to the source, whereas DPM finds only the source of the attacker. Using the DPM algorithm, finding the source of the attacker is difficult if the router gets compromised. Using the PPM algorithm we construct the complete attack path, so the compromised router can be identified. In this paper, we review PPM and DPM techniques and compare the strengths and weaknesses of each proposal.
A proposal for new marking scheme with its performance evaluation for IP traceback
WSEAS Transactions on Computers archive, 2008
Detecting and defeating Denial of Service (DoS) attacks is one of the hardest security problems on IP networks. Furthermore, spoofing of IP packets makes it difficult to combat and fix such attacks. Packet marking is one of the methods to mitigate the DoS attack that helps trace back to the true origin of the packets. A hybrid packet marking algorithm, along with a traceback mechanism to find the true origin of the attack traffic, is presented in this study. The router marks the packets with the inbound interface identifier of the router, but the novelty lies in the way it marks the packets. Stamping based on a modulo technique, and reverse modulo for the purpose of reconstructing the attack path to trace back to the real source of the packets, are proposed. The experimental measurements on the presented algorithm ensure that it requires less amount of time to mark and reconstruct the attack graph. It is also able to trace back to single packet; nevertheless, it requires logging at very few routers, thus incurring insignificant storage overhead on the routers. The simulation study and the qualitative comparison with different traceback schemes are also presented to show the performance of the proposed system.
IP Traceback through Modified Probabilistic Packet Marking Algorithm
Denial of service (DoS) attack is one of the most common attacks on the Internet. The most difficult part of this attack is to find the source of the denial of service (DoS) attack. Savage et al. proposed the PPM algorithm to trace back the route to the attacker. We found two disadvantages of the Savage traceback technique. The first disadvantage is that the probability of finding far away routers is very low, which results in losing some of the routers' identity. This affects the attack graph construction. The second disadvantage is that, because of remarking of the edges, the constructed graph contains new edges which do not exist in the attack graph. In this paper, we propose a modified probabilistic packet marking (MPPM) IP traceback methodology, and we found that the results are quite interesting when compared with the approach proposed by Savage.
Keywords: DoS attack, IP traceback, indicator, far away routers, Modified Probabilistic Packet Marking.
A Novel Traceback Algorithm for DDoS Attack with Marking Scheme for Online System
This paper proposes an IP traceback mechanism for a large scale distributed online system. The proposed system is based on replication and tolerates arbitrary failures of servers. The service based on security concerns of the server is implemented by an IP traceback system based on the Deterministic Packet Marking (DPM) scheme. One of the major intimidations to the current networks is the Distributed Denial of Service (DDoS) attack. Although many mechanisms have been developed to detect the origin of DDoS attacks, the main issue concerned with detection systems is IP spoofing. As the detection scheme relies only on the marked information in the packet header fields, the source of the spoofed packets can also be accurately identified. It provides a protective system with the ability to reconstruct the source IP when required. The main objective of this paper is to propose an effective traceback mechanism for DDoS attacks using the Extended-DPM scheme. The proposed scheme is applied to an online system, which in turn improves the security process involved in the system. It resolves the disadvantages of existing methods by increasing the throughput of the processing server.
A Resolved IP Traceback through Probabilistic Packet Marking Algorithm
2011
The major problem of network security in present years is DoS (Denial of Service) attacks; in order to protect the network from these attacks, research is implemented in the key streams of network security. Packet marking is always required to track a few details of a packet, like its source and its status toward reaching the destination. In most cases, packets transmitted by a source are lost, or the data in them is corrupted, and the packets may be lost permanently. A perfect packet marking algorithm is always required to mark the packet with the IP address of the source and the current routers traversed by it. We suggest not marking each and every packet with equivalent probability; instead, the marking probability is computed for every packet by all the routers depending on the value of the TTL (Time to Live) field.
Study on Various Marking Techniques for IP Traceback
International Journal of Web Technology
Attacks on the Internet are a growing threat. Various malicious acts usually originate from an anonymous source which steals from, alters, compromises the trustworthiness of, or destroys a specified victim by hacking into a susceptible target system. One challenge in defending against these Distributed Denial of Service attacks is that source IP addresses are spoofed by attackers in order to evade traceability and bypass access controls. The IP traceback method is a solution for attributing cyber attacks. It is also useful for accounting user traffic as well as network diagnosis. Although there are many IP traceback methods are proposed, the majority of research efforts decade in this area. Marking-based traceback (MBT) is a traceback approach which will find the traceback message delivery problem. This is very important to the successful completion of a traceback, which has been adequately studied in this paper. To address this issue, various marking techniques for IP traceback have been presented.