Advertisement

A Study on Marking Bit Size for Path Identification Method: Deploying the Pi Filter at the End Host

  • Soon-Dong Kim
  • Man-Pyo Hong
  • Dong-Kyoo Kim
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3046)

Abstract

Recently, DDoS attacks are more and more serious to the Internet. Many specialists research the defending methods against DDoS. Pi had been proposed as one of the defense methods against complicated DDoS attack by spoofed IP address. Pi is a new packet marking approach, and Pi enables a victim to identify packets traversing the same paths through the Internet on a per packet basis, regardless of source IP address spoofing. Marking size of Pi is the most important parameter of Pi marking scheme to decide the performance of Pi. At the end hosts’ view, the most proper marking size of Pi is affected by the Internet environment and its topology. In existing Pi scheme, Pi filter deployed on the ISP’s side of the last hop link, but this paper consider the Pi filter deployed at end host in the ISP and tried to find the most proper marking size.

Keywords

False Negative Rate Identification Field Incoming Packet Path Identification False Rate 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Yaar, A., Perrig, A., Song, D.: Pi: A Path Identification Mechanism to Defend against DDoS Attacks. In: Proceeding of Symposium on Security and Privacy 2003, pp. 93–107 (2003)Google Scholar
  2. 2.
  3. 3.
    Chen, Z., Lee, M.: An IP traceback technique against denial-of-service attacks. In: Proceeding of 19th Annual Computer Security Applications Conference, pp. 96–104 (2003)Google Scholar
  4. 4.
    Berkeley University. The Spread of the Sapphire/Slammer Worm (2002), http://www.cs.berkeley.edu/~nweaver/sapphire/
  5. 5.
    Computer Emergency Response Team(CERT). TCP_SYN flooding and IP spoofing attacks. Technical Report CA-96:21. Carnegie Mellon University. Pittsburgh, PA (1996)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Soon-Dong Kim
    • 1
  • Man-Pyo Hong
    • 1
  • Dong-Kyoo Kim
    • 2
  1. 1.Graduate School of Information CommunicationAjou UniversitySuwonKorea
  2. 2.College of Information TechnologyAjou UniversitySuwonKorea

Personalised recommendations