Tracing Multiple Attackers with Deterministic Packet Marking (DPM)

Andrey Belenky, Nirwan Ansari

Research output: Contribution to conferencePaperpeer-review

65 Scopus citations

Abstract

The rising threat of cyber attacks, especially distributed denial-of-service (DDoS), makes the IP Traceback problem very relevant to today's Internet security. IP Traceback is one of the security problems associated with identifying the source of the attack packets. This work presents a novel approach to IP Traceback - Deterministic Packet Marking (DPM). The proposed approach is scalable, simple to implement, and introduces no bandwidth and practically no processing overhead on the network equipment. It is capable of tracing thousands of simultaneous attackers during DDoS attack. All of the processing is done at the victim. The traceback process can be performed post-mortem, which allows for tracing the attacks that may not have been noticed initially. The involvement of the Internet service providers (ISP) is very limited, and changes to the infrastructure and operation required to deploy DPM are minimal. DPM performs the traceback without revealing the internal topology of the provider's network, which is a desirable quality of a traceback scheme.

Original languageEnglish (US)
Pages49-52
Number of pages4
StatePublished - Nov 7 2003
Event2003 IEEE Pacific Rim Conference on Communications Computers and Signal Processing (PACRIM 2003) - Victoria, B.C., Canada
Duration: Aug 28 2003Aug 30 2003

Other

Other2003 IEEE Pacific Rim Conference on Communications Computers and Signal Processing (PACRIM 2003)
Country/TerritoryCanada
CityVictoria, B.C.
Period8/28/038/30/03

All Science Journal Classification (ASJC) codes

  • Signal Processing
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Tracing Multiple Attackers with Deterministic Packet Marking (DPM)'. Together they form a unique fingerprint.

Cite this