TY - JOUR
T1 - A practical and robust inter-domain marking scheme for IP traceback
AU - Gao, Zhiqiang
AU - Ansari, Nirwan
N1 - Funding Information:
The authors would like to express their gratitude for the insight and constructive comments of the reviewers that have helped improve the quality of this paper. This work was supported in part by the New Jersey Commission on Science and Technology via the NJ Center for Wireless Networks and Internet Security.
PY - 2007/2/21
Y1 - 2007/2/21
N2 - A practical and robust inter-domain marking scheme for IP traceback is proposed. We first identify six drawbacks of Probabilistic Packet Marking (PPM), and then contrive a synergic scheme to address all of them. To relieve the victim from the daunting computational overhead, we derive the optimal marking probability with respect to the number of packets required for path reconstruction, and explore two different approaches to enhance PPM. In so doing, computational burden and spoofed marking inscribed by the attacker are thwarted. Next, we study the issue of bogus marking incurred by subverted routers. By coupling the marking and routing information, a downstream router can examine the correctness of the marking provided by upstream routers, thus eliminating the spurious marking embedded by subverted routers. Our coarse-grained marking tactic (marking at the AS level rather than hop-by-hop) brings two additional benefits: our scheme can effectively suppress false positives, and partial deployment of our scheme may achieve an effect similar to that of global deployment in the power-law Internet. Finally, we evaluate and analyze the performance of our proposal on empirical Internet measurement data. Results show that as many as 90.67% of marked packets required for path reconstruction may be reduced on average while false positives are greatly suppressed and robustness is significantly enhanced.
AB - A practical and robust inter-domain marking scheme for IP traceback is proposed. We first identify six drawbacks of Probabilistic Packet Marking (PPM), and then contrive a synergic scheme to address all of them. To relieve the victim from the daunting computational overhead, we derive the optimal marking probability with respect to the number of packets required for path reconstruction, and explore two different approaches to enhance PPM. In so doing, computational burden and spoofed marking inscribed by the attacker are thwarted. Next, we study the issue of bogus marking incurred by subverted routers. By coupling the marking and routing information, a downstream router can examine the correctness of the marking provided by upstream routers, thus eliminating the spurious marking embedded by subverted routers. Our coarse-grained marking tactic (marking at the AS level rather than hop-by-hop) brings two additional benefits: our scheme can effectively suppress false positives, and partial deployment of our scheme may achieve an effect similar to that of global deployment in the power-law Internet. Finally, we evaluate and analyze the performance of our proposal on empirical Internet measurement data. Results show that as many as 90.67% of marked packets required for path reconstruction may be reduced on average while false positives are greatly suppressed and robustness is significantly enhanced.
KW - Distributed denial of service (DDoS)
KW - IP traceback
KW - Network security
KW - Probabilistic packet marking (PPM)
UR - http://www.scopus.com/inward/record.url?scp=33751257165&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=33751257165&partnerID=8YFLogxK
U2 - 10.1016/j.comnet.2006.06.003
DO - 10.1016/j.comnet.2006.06.003
M3 - Article
AN - SCOPUS:33751257165
SN - 1389-1286
VL - 51
SP - 732
EP - 750
JO - Computer Networks
JF - Computer Networks
IS - 3
ER -