Abstract
Defending against denial-of-service (DoS) attacks is one of the hardest security problems on the Internet today. One difficulty in thwarting these attacks is tracing their source, because they often use incorrect, or spoofed, IP source addresses to disguise the true origin. Traceback mechanisms are a critical part of the defense against IP spoofing and DoS attacks, as well as being of forensic value to law enforcement. Currently proposed IP traceback mechanisms are inadequate to address the traceback problem for the following reasons: they require DoS victims to gather thousands of packets to reconstruct a single attack path; they do not scale to large-scale distributed DoS attacks; and they do not support incremental deployment. This study proposes finding the attack origin through MAC address marking of the attack origin. It is based on an IP trace algorithm called the Marking Algorithm. It modifies the Marking Algorithm so that we can convey the MAC address of the intervening routers, and as a result it can trace the exact IP address of the original attacker. To improve the detection time, our algorithm also contains a technique to improve the packet arrival rate. By adjusting the marking probability according to the distance from the packet origin, we were able to decrease the number of packets needed to trace back the IP address.
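The effect of distance-adjusted marking on the number of packets a victim needs can be shown with a small model; this is an added example, not code from the paper. It assumes a single attack path, a mark that carries a whole router identity (no fragmentation), a constructed fixed probability of 0.04, and the rule p = 1/i for the router i hops from the packet origin, which the abstract does not specify.

```python
from itertools import combinations

def survival_probs(mark_probs):
    """mark_probs[i]: marking probability of the i-th router, ordered from the
    attacker's side to the victim's side. Returns, per router, the chance that
    a packet arrives at the victim still carrying that router's mark."""
    probs = []
    for i, p in enumerate(mark_probs):
        not_overwritten = 1.0
        for q in mark_probs[i + 1:]:      # every later router may overwrite
            not_overwritten *= 1.0 - q
        probs.append(p * not_overwritten)
    return probs

def expected_packets(survive):
    """Exact expected number of packets until every router's mark has been
    seen once (coupon collector with unequal odds, by inclusion-exclusion)."""
    total = 0.0
    for k in range(1, len(survive) + 1):
        sign = 1.0 if k % 2 else -1.0
        for subset in combinations(survive, k):
            total += sign / sum(subset)
    return total

def fixed_marking(hops, p):
    # Every router marks with the same probability p (constructed value).
    return [p] * hops

def distance_marking(hops):
    # Assumption: the router i hops from the packet origin marks with 1/i,
    # which makes every router's mark equally likely to reach the victim.
    return [1.0 / i for i in range(1, hops + 1)]

def compare(hops=10, p=0.04):
    """Expected packets to see all marks: (fixed probability, distance-adjusted)."""
    fixed = expected_packets(survival_probs(fixed_marking(hops, p)))
    adjusted = expected_packets(survival_probs(distance_marking(hops)))
    return fixed, adjusted

if __name__ == "__main__":
    fixed, adjusted = compare()
    print(f"fixed p=0.04: {fixed:.1f} packets, p=1/i: {adjusted:.1f} packets")
```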
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kim, BR., Kim, KC. (2006). Improved Technique of IP Address Fragmentation Strategies for DoS Attack Traceback. In: Grigoriev, D., Harrison, J., Hirsch, E.A. (eds) Computer Science – Theory and Applications. CSR 2006. Lecture Notes in Computer Science, vol 3967. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11753728_43
DOI: https://doi.org/10.1007/11753728_43
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-34166-6
Online ISBN: 978-3-540-34168-0
eBook Packages: Computer Science (R0)