A Novel Hybrid IP Traceback Scheme with Packet Counters
In this paper we propose a novel hybrid IP traceback scheme with packet counters. In our scheme, a packet counter is used to improve the correlation of packet sampling so that the attack tree can be reconstructed efficiently. Our scheme has the following remarkable advantages: (1) it is simple and efficient; (2) it is significantly resistant to attacks; (3) it requires a lower sampling rate than previous work, e.g., only 1% is enough; and (4) its false positive and false negative rates are also lower.
Keywords: Hash Function, Sampling Probability, Conditional Entropy, Packet Header, Attack Tree