IP Traceback through modified Probabilistic Packet Marking algorithm using Chinese Remainder Theorem

IP Traceback through Modified Probabilistic Packet Marking Algorithm

Denial of service (DOS) attack is one of the most common attacks on the internet. The most difficult part of this attack is to find the source of the denial of service (DOS) attack. Savage et al. proposed the PPM algorithm to trace back the route to the attacker. We found two disadvantages of the Savage traceback technique. The first disadvantage is that the probability of finding far-away routers is very low, which results in losing the identity of some of the routers. This affects the attack graph construction. The second disadvantage is that, because of remarking of the edges, the constructed graph contains new edges which do not exist in the attack graph. In this paper, we propose a modified probabilistic packet marking (MPPM) IP traceback methodology and we found that the results are quite interesting when compared with the approach proposed by Savage.

Keywords: DOS attack, IP traceback, indicator, far away routers, Modified Probabilistic Packet marking.

Reflective Probabilistic Packet Marking Scheme for IP Traceback (Special Issue: Computer Security Technologies for Confronting New Threats)

This paper describes the design and implementation of the Reflective Probabilistic Packet Marking (RPPM) scheme, which is a traceback scheme against distributed denial-of-service (DDoS) attacks. Attacks include traffic laundered by reflectors which are sent false requests by attackers posing as a victim. Reflectors are among the hardest security problems on today's Internet. One promising solution to tracing the origin of attacks, the probabilistic packet marking (PPM) scheme, has been proposed. However, conventional PPM cannot work against reflector attacks (the reflector problem). Also, it encodes a mark into the IP Identification field, which disables the use of ICMP (the encoding problem). RPPM is a solution to both the reflector and encoding problems. We have extended PPM to render reflectors ineffectual by reflecting marking statistics of incoming packets at reflectors in order to trace the origin of the attacks. Furthermore, we have encoded a mark into the IP option field without reducing necessary information. Thus, RPPM can trace back beyond reflectors, ensures ICMP compatibility, and eliminates the possibility of failure in attack path reconstruction. Simulation results and our implementation based on Linux demonstrated that RPPM retains the semantics of conventional PPM on a path between an attacker and a reflector, and that its performance is feasible in practice.

Survey on Packet Marking Algorithms for IP Traceback

Oriental Scientific Publishing Company, 2017

Distributed Denial of Service (DDoS) attack is an unavoidable attack. Among various attacks on the network, DDoS attacks are difficult to detect because of IP spoofing. The IP traceback is the only technique to identify DDoS attacks. The path affected by a DDoS attack is identified by IP traceback approaches like the Probabilistic Packet Marking algorithm (PPM) and the Deterministic Packet Marking algorithm (DPM). The PPM approach finds the complete attack path from victim to the source, whereas DPM finds only the source of the attacker. Using the DPM algorithm, finding the source of the attacker is difficult if the router gets compromised. Using the PPM algorithm we construct the complete attack path, so the compromised router can be identified. In this paper, we review PPM and DPM techniques and compare the strengths and weaknesses of each proposal.

A Resolved IP Traceback through Probabilistic Packet Marking Algorithm

2011

The major problem of network security in present years is DoS (Denial of Service) attacks; in order to protect the network from these attacks, research is implemented in the key streams of network security. Packet marking is always required to track a few details of a packet, like its source and the status toward reaching the destination. In most of the cases, packets transmitted by a source are lost or the data in them is corrupted, and the packets may be lost permanently. A perfect packet marking algorithm is always required to mark the packet with the IP address of the source and the current routers traversed by it. We suggest not marking each and every packet with equivalent probability; instead the marking probability is computed for the purpose of every packet by all the routers depending on the field value of TTL (Time to Live).

AN EFFICIENT IP TRACEBACK THROUGH PACKET MARKING ALGORITHM

2010

Denial-of-service (DoS) attacks pose an increasing threat to today's Internet. One major difficulty in defending against Distributed Denial-of-service attacks is that attackers often use fake, or spoofed, IP addresses as the IP source address. The probabilistic packet marking algorithm (PPM) allows the victim to trace back the appropriate origin of spoofed IP source address to disguise the true origin. In this paper we propose a technique that encodes the packets more efficiently than the Savage probabilistic packet marking algorithm and reconstruction of the attack graph. This enhances the reliability of the probabilistic packet marking algorithm.

Study on Various Marking Techniques for IP Traceback

International Journal of Web Technology

Attacks on the internet are a growing threat. Various means of malicious acts usually originate from an anonymous source which will steal, alter, compromise the trustworthiness of, or destroy a specified victim by hacking into a susceptible target system. One challenge in defending against these Distributed Denial of Service attacks is that source IP addresses are spoofed by attackers in order to evade traceability and bypass access controls. The IP traceback method is a solution for attributing cyber attacks. It is also useful for accounting user traffic as well as network diagnosis. Although many IP traceback methods are proposed, the majority of research efforts decade in this area. Marking-based traceback (MBT) is a traceback approach which will find the traceback message delivery problem. This is very important to the successful completion of a traceback, which has been adequately studied in this paper. To address this issue, various marking techniques for IP traceback have been presented.

Reflective Probabilistic Packet Marking Scheme for IP Traceback

2003

This paper describes the design and implementation of the Reflective Probabilistic Packet Marking (RPPM) scheme, which is a traceback scheme against distributed denial-of-service (DDoS) attacks. Attacks include traffic laundered by reflectors which are sent false requests by attackers posing as a victim. Reflectors are among the hardest security problems on today’s Internet. One promising solution to tracing the origin of attacks, the probabilistic packet marking (PPM) scheme, has been proposed. However, conventional PPM cannot work against reflector attacks (the reflector problem). Also, it encodes a mark into the IP Identification field, which disables the use of ICMP (the encoding problem). RPPM is a solution to both the reflector and encoding problems. We have extended PPM to render reflectors ineffectual by reflecting marking statistics of incoming packets at reflectors in order to trace the origin of the attacks. Furthermore, we have encoded a mark into the IP option field without reducing necessary...

A proposal for new marking scheme with its performance evaluation for IP traceback

WSEAS Transactions on Computers archive, 2008

Detecting and defeating Denial of Service (DoS) attacks is one of the hardest security problems on IP networks. Furthermore, spoofing of IP packets makes it difficult to combat and fix such attacks. Packet marking is one of the methods to mitigate the DoS attack that helps trace back to the true origin of the packets. A hybrid packet marking algorithm, along with a traceback mechanism to find the true origin of the attack traffic, is presented in this study. The router marks the packets with the inbound interface identifier of the router, but the novelty lies in the way it marks the packets. Stamping based on a modulo technique, and reverse modulo for the purpose of reconstruction of the attack path to trace back to the real source of the packets, are proposed. The experimental measurements on the presented algorithm ensure that it requires less time to mark and reconstruct the attack graph. It is also able to trace back to a single packet; nevertheless it requires logging at very few routers, thus incurring insignificant storage overhead on the routers. The simulation study and the qualitative comparison with different traceback schemes are also presented to show the performance of the proposed system.