A hybrid scheme using packet marking and logging for IP traceback

Malliga, S.; Tamilarasi, A.

doi:10.1504/ijipt.2010.032617

Cited by 32 publications

(20 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Hybrid techniques take the advantage of both marking and logging‐based techniques in order to reduce the number of marked packets and alleviate the high storage overhead on middle routers. In this regard, Duwairi et al proposed two hybrid traceback techniques, namely probabilistic pipelining packet marking (PPPM) and distributed link‐list traceback (DLLT) .…”

Section: Related Workmentioning

confidence: 99%

Design and performance analysis of an efficient single flow IP traceback technique in the AS level

Arjmandpanah-Kalat

Abbasinezhad-Mood

Mahrooghi

et al. 2020

Int J Communication

View full text Add to dashboard Cite

Network security is a major challenge for big and small companies. The Internet topology is vulnerable to Distributed Denial of Service (DDoS) attacks as it provides an opportunity to an attacker to send a large volume of traffic to a victim, which can limit its Internet availability. The main problem in the prevention of the DDoS attack, also known as the flooding attack, is how to find the source of traffic flooding. This is because the spoofed source Internet protocol (IP) address of packets is not affected on its routing. As a result, IP traceback techniques are proposed to find the source of attack and in general, to find the source of any packet. Doing so, the IP traceback techniques can help us to prevent the Denial of Service (DoS) and DDoS attacks. In this paper, we propose an efficient Single Flow IP Traceback (SFT) technique in the Autonomous System (AS) level. Furthermore, a path signature generation algorithm is presented for detecting and filtering the spoofed traffic. Our solution assumes a secure Border Gateway Protocol (BGP)-routing infrastructure for exchanging authenticated messages in order to learn the path signatures, and it uses a marking algorithm in the flow level for transmission of the traceback messages. Because in our technique less bits are required to mark the IP header packet, the required storage space for any unique path to the victim is significantly decreased. Compared with the other existing techniques, the obtained results demonstrate that our technique has the least marking rate, overhead processing on the middle nodes, and destination's computational cost while offering the highest accuracy in tracebacking attack.

show abstract

Section: Related Workmentioning

confidence: 99%

Design and performance analysis of an efficient single flow IP traceback technique in the AS level

Arjmandpanah-Kalat

Abbasinezhad-Mood

Mahrooghi

et al. 2020

Int J Communication

View full text Add to dashboard Cite

show abstract

“…HIT uses packet marking to cut back the amount of routers needed for logging. Huffman codes, Modulo/Reverse modulo Technique (MRT) [10] and MOdulo/REverse modulo (MORE) [11], these new schemes have proposed researchers to scale back the storage demand for router logging and to decrease the amount of routers needed for work. Since these schemes use interface numbers of routers for marking, they assume a router set comprising routers in an exceedingly network and need all the routers support the individual trace back schemes.…”

Section: Literature Revievmentioning

confidence: 99%

“…It encodes by Huffman coding in step with the traffic of every interface.Their analysis shows their scheme has higher performance once the traffic distribution for every interface is unequal. Malliga and Tamilarasi propose two traceback schemes, particularly MRT [10] and MORE [11]. MRT uses a 32-bit marking field, MORE uses a 16-bit marking field and separates a log table into elements.…”

Section: Literature Revievmentioning

confidence: 99%

A New Hybrid IP Traceback Scheme

D.¹,

M.²

2018

IJCA

View full text Add to dashboard Cite

Now days the Internet is exposed to a span of web threats, So the attack on its infrastructure poses a great challenge in its expansion. In the modern world various types of attacks are discovered on the Internet. IP spoofing is one of the major threats in the network security. Hackers use this to hide their identity or to perform an attack. IP spoofing used for many attacks like denial of service, SYN flooding and man in the middle attacks etc. It is necessary to capture or block the spoofers to defend against these attacks. Different IP trace back mechanisms are used for finding the spoofers identity. IP trace back scheme is a way used to catch the real path of web packets requiring a longer search so, a new hybrid IP trace back scheme is used with efficient packet logging aiming to have a fixed storage requirement for each router in packet logging without the need to refresh the logged tracking information and to achieve zero false positive and false negative rates in attack-path reconstruction. The hybrid IP trace back scheme compare with other related research in the aspects of storage requirement, computation, and accuracy. KeywordsNew hybrid IP trace back, CAIDA's , distributed denial of service attack ,packet logging, packet marking.

show abstract

“…[48]- [50] Inter-AS traceback Traceback information should be exchanged between different autonomous systems each of which implements different traceback mechanism for its networks [52]- [56] traceback system implementation. Note that the any Intra-AS traceback mechanism can be used as a building block to construct an Inter-AS traceback mechanism.…”

Section: Taxonomy Of Traceback Mechanismsmentioning

confidence: 99%

“…Based on hybrid traceback mechanisms, there are several variants for hybrid schemes that have been proposed by many researchers [49], [50].…”

Section: Hybrid Traceback Typementioning

confidence: 99%

Overview of Traceback Mechanisms and Their Applicability

Youm

2011

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

SUMMARYAs an increasing number of businesses and services depend on the Internet, protecting them against DDoS (Distributed Denial of Service) attacks becomes a critical issue. A traceback is used to discover technical information concerning the ingress points, paths, partial paths or sources of a packet or packets causing a problematic network event. The traceback mechanism is a useful tool to identify the attack source of the (DDoS) attack, which ultimately leads to preventing against the DDoS attack. There are numerous traceback mechanisms that have been proposed by many researchers. In this paper, we analyze the existing traceback mechanisms, describe the common security capabilities of traceback mechanisms, and evaluate them in terms of the various criteria. In addition, we identify typical application of traceback mechanisms.

show abstract

A hybrid scheme using packet marking and logging for IP traceback

Cited by 32 publications

References 14 publications

Design and performance analysis of an efficient single flow IP traceback technique in the AS level

Design and performance analysis of an efficient single flow IP traceback technique in the AS level

A New Hybrid IP Traceback Scheme

Overview of Traceback Mechanisms and Their Applicability

Contact Info

Product

Resources

About