Wuhan University Journal of Natural Sciences

, Volume 18, Issue 6, pp 484–488 | Cite as

A dynamic probabilistic marking approach with multi-tag for tracing ICMP-based DoS attacks

  • Xiuzhen Chen
  • Jin Ma
  • Shenghong Li
  • Ken Chen
  • Ahmed Serhrouchni


This paper presents a dynamic probabilistic marking algorithm with multiple routing address tags, which allows the victim to traceback the origin of ICMP (Internet Control Message Protocol)-based direct and reflective DoS attacks. The proposed approach makes full use of scalable data space of ICMP packet to achieve multiple information tags. The difference between this proposal and previous proposals lies in two points. First, the number of packets needed by the victim to reconstruct the attack path is greatly reduced because of three key mechanisms: multi-tag, uniform leftover probability, and tag location choice based on the module of accommodated tag numbers within a packet. Second, the true origin of both direct and reflective ICMP-based DoS attacks can be traced.

Key words

network security denial of service IP traceback dynamic probabilistic marking multi-tag 

CLC number

TP 305 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [1]
    Alomari E, Manickam S, Gupta B B, et al. Botnet-based distributed denial of service (DDoS) attacks on Web servers: Classification and art [J]. International Journal of Computer Applications, 2012, 49(7): 24–32.CrossRefGoogle Scholar
  2. [2]
    Douligeris C, Mitrokotsa A. DDoS attacks and defense mechanisms: classification and state-of-the-art [J]. Computer Networks, 2004, 44: 643–666.CrossRefGoogle Scholar
  3. [3]
    Peng T, Leckie C, Ramamohananrao K. Survey of network-based defense mechanisms countering the DoS and DDoS problems [J]. ACM Computing Surveys, 2007, 39(1): 1–42.CrossRefGoogle Scholar
  4. [4]
    Vincent S, Immanuel J, Raja J. A survey of IP traceback mechanisms to overcome denial-of-service attacks [C]// 12th International Conference on Networking, VLSI and Signal Processing (ICNVS’10). Cambrige: World Scientific and Engineering Academy and Society (WSEAS), 2010.Google Scholar
  5. [5]
    Malliga S, Tamilarasi A. A hybrid scheme using packet marking and logging for IP traceback [J]. International Journal of Internet Protocol Technology, 2010, 5(1): 81–91.CrossRefGoogle Scholar
  6. [6]
    Jiang H, Li M Z, Wang X. A PPM probabilistic packet marking improving scheme [J]. Journal of Shandong University (Natural Science Edition), 2011, 46(9): 85–88(Ch).Google Scholar
  7. [7]
    Yan Q, He X M, Ning T. An improved dynamic probabilistic packet marking for IP traceback [J]. International Journal Computer Network and Information Security, 2010, 2(2): 47–53.CrossRefGoogle Scholar
  8. [8]
    Liu J, Lee Z J, Chung Y C. Dynamic probabilistic packet marking for efficient IP traceback [J].Computer Networks, 2007, 51(3): 866–882.CrossRefGoogle Scholar
  9. [9]
    Guerid H, Serhrouchni A, Achemlal M, et al. A Novel Traceback Approach for Direct and Reflected ICMP Attacks [C]//2011 Conference on Network and Information Systems Security (SAR-SSI). Piscataway: IEEE Press, 2011.Google Scholar
  10. [10]
    Katz-Bassett E. Practical reverse traceroute [EB/OL]. [2013-01-15]. http://www.nanog.org/meetings/nanog45/pr-esentations/Tuesday/Katz_reversetraceroute_N45.pdf.

Copyright information

© Wuhan University and Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Xiuzhen Chen
    • 1
    • 2
  • Jin Ma
    • 2
  • Shenghong Li
    • 2
  • Ken Chen
    • 3
  • Ahmed Serhrouchni
    • 4
  1. 1.State Key Laboratory for Manufacturing Systems EngineeringXi’an Jiaotong UniversityXi’anShaanxi, China
  2. 2.School of Information Security EngineeringShanghai Jiao Tong UniversityShanghaiChina
  3. 3.Les Laboratoires de l’Institut GaliléeUniversité Paris 13ParisFrance
  4. 4.Network and Computer Science DepartmentTelecom ParisTechParisFrance

Personalised recommendations