A practical and robust inter-domain marking scheme for IP traceback

Zhiqiang Gao, Nirwan Ansari

Research output: Contribution to journalArticlepeer-review

39 Scopus citations

Abstract

A practical and robust inter-domain marking scheme for IP traceback is proposed. We first identify six drawbacks of Probabilistic Packet Marking (PPM), and then contrive a synergic scheme to address all of them. To relieve the victim from the daunting computational overhead, we derive the optimal marking probability with respect to the number of packets required for path reconstruction, and explore two different approaches to enhance PPM. In so doing, computational burden and spoofed marking inscribed by the attacker are thwarted. Next, we study the issue of bogus marking incurred by subverted routers. By coupling the marking and routing information, a downstream router can examine the correctness of the marking provided by upstream routers, thus eliminating the spurious marking embedded by subverted routers. Our coarse-grained marking tactic (marking at the AS level rather than hop-by-hop) brings two additional benefits: our scheme can effectively suppress false positives, and partial deployment of our scheme may achieve the similar effect as global deployment in the power-law Internet. Finally, we evaluate and analyze the performance of our proposal on empirical Internet measurement data. Results show that as many as 90.67% of marked packets required for path reconstruction may be reduced on average while false positives are greatly suppressed and robustness is significantly enhanced.

Original languageEnglish (US)
Pages (from-to)732-750
Number of pages19
JournalComputer Networks
Volume51
Issue number3
DOIs
StatePublished - Feb 21 2007

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications

Keywords

  • Distributed denial of service (DDoS)
  • IP traceback
  • Network security
  • Probabilistic packet marking (PPM)

Fingerprint

Dive into the research topics of 'A practical and robust inter-domain marking scheme for IP traceback'. Together they form a unique fingerprint.

Cite this