Abstract

Distributed Denial of Service (DDoS) attacks continue to pose major threats to the Internet. In order to trace back attack sources (i.e., IP addresses), a well-studied approach is Probabilistic Packet Marking (PPM), where each intermediate router of a packet marks it with a certain probability, enabling a victim host to trace back the attack source. In a recent study, we showed how attackers can take advantage of the probabilistic nature of packet markings in existing PPM schemes to create spoofed marks, hence compromising traceback. In this paper, we propose a new PPM scheme called TTL-Based PPM (TPM), where each packet is marked with a probability inversely proportional to the distance traversed by the packet so far. Thus, packets that have to traverse longer distances are marked with higher probability, compared to those that have to traverse shorter distances. This ensures that a packet is marked with much higher probability by intermediate routers than by traditional mechanisms, hence reducing the effectiveness of spoofed packets reaching victims. Using formal analysis and simulations using real Internet topology maps, we show how our TPM scheme can effectively trace DDoS attackers even in the presence of spoofing when compared to existing schemes. © 2008 IEEE.

Department(s)

Computer Science

International Standard Book Number (ISBN)

978-142442324-8

Document Type

Article - Conference proceedings

Document Version

Citation

File Type

text

Language(s)

English

Rights

© 2024 Institute of Electrical and Electronics Engineers, All rights reserved.

Publication Date

01 Dec 2008
