A Study on Marking Bit Size for Path Identification Method: Deploying the Pi Filter at the End Host
Recently, DDoS attacks are more and more serious to the Internet. Many specialists research the defending methods against DDoS. Pi had been proposed as one of the defense methods against complicated DDoS attack by spoofed IP address. Pi is a new packet marking approach, and Pi enables a victim to identify packets traversing the same paths through the Internet on a per packet basis, regardless of source IP address spoofing. Marking size of Pi is the most important parameter of Pi marking scheme to decide the performance of Pi. At the end hosts’ view, the most proper marking size of Pi is affected by the Internet environment and its topology. In existing Pi scheme, Pi filter deployed on the ISP’s side of the last hop link, but this paper consider the Pi filter deployed at end host in the ISP and tried to find the most proper marking size.
KeywordsFalse Negative Rate Identification Field Incoming Packet Path Identification False Rate
Unable to display preview. Download preview PDF.
- 1.Yaar, A., Perrig, A., Song, D.: Pi: A Path Identification Mechanism to Defend against DDoS Attacks. In: Proceeding of Symposium on Security and Privacy 2003, pp. 93–107 (2003)Google Scholar
- 2.CAIDA. Skitter (2000), http://www.caida.org/tools/measurement/skitter/
- 3.Chen, Z., Lee, M.: An IP traceback technique against denial-of-service attacks. In: Proceeding of 19th Annual Computer Security Applications Conference, pp. 96–104 (2003)Google Scholar
- 4.Berkeley University. The Spread of the Sapphire/Slammer Worm (2002), http://www.cs.berkeley.edu/~nweaver/sapphire/
- 5.Computer Emergency Response Team(CERT). TCP_SYN flooding and IP spoofing attacks. Technical Report CA-96:21. Carnegie Mellon University. Pittsburgh, PA (1996)Google Scholar