A dynamic probabilistic marking approach with multi-tag for tracing ICMP-based DoS attacks
This paper presents a dynamic probabilistic marking algorithm with multiple routing address tags, which allows the victim to traceback the origin of ICMP (Internet Control Message Protocol)-based direct and reflective DoS attacks. The proposed approach makes full use of scalable data space of ICMP packet to achieve multiple information tags. The difference between this proposal and previous proposals lies in two points. First, the number of packets needed by the victim to reconstruct the attack path is greatly reduced because of three key mechanisms: multi-tag, uniform leftover probability, and tag location choice based on the module of accommodated tag numbers within a packet. Second, the true origin of both direct and reflective ICMP-based DoS attacks can be traced.
Key wordsnetwork security denial of service IP traceback dynamic probabilistic marking multi-tag
CLC numberTP 305
Unable to display preview. Download preview PDF.
- Vincent S, Immanuel J, Raja J. A survey of IP traceback mechanisms to overcome denial-of-service attacks [C]// 12th International Conference on Networking, VLSI and Signal Processing (ICNVS’10). Cambrige: World Scientific and Engineering Academy and Society (WSEAS), 2010.Google Scholar
- Jiang H, Li M Z, Wang X. A PPM probabilistic packet marking improving scheme [J]. Journal of Shandong University (Natural Science Edition), 2011, 46(9): 85–88(Ch).Google Scholar
- Guerid H, Serhrouchni A, Achemlal M, et al. A Novel Traceback Approach for Direct and Reflected ICMP Attacks [C]//2011 Conference on Network and Information Systems Security (SAR-SSI). Piscataway: IEEE Press, 2011.Google Scholar
- Katz-Bassett E. Practical reverse traceroute [EB/OL]. [2013-01-15]. http://www.nanog.org/meetings/nanog45/pr-esentations/Tuesday/Katz_reversetraceroute_N45.pdf.