A New Scheme for IP Traceback under DoS Attack
The problem of identifying the sources of a Denial of Service attack is among the hardest in the Internet security area, since attackers often use spoofed source IP addresses. This paper presents a new scheme called MAC-based probabilistic packet marking (MPPM) for IP Traceback under DoS attack. A router marks the packets stochastically with fragments of an edge composed of itself and the next hop router. Message authentication code (MAC) is used to link and authenticate fragments of routers addresses in the marked attack packets. The main advantage of MPPM over known PPM schemes includes less attack packets required to converge, linear computation overhead and more precision. Moreover the optional authentication mechanism provides robustness against faked marks.MPPM also features low router cost and supports incremental deployment.
DDoS IP traceback probabilistic packet marking
Tian Haitao Huang Liusheng Lei Yunfei Chen Guoliang
Department of Computer Science and Technology University of Science and Technology of China, Hefei, 230027, China
国际会议
成都
英文
189-193
2003-08-27(万方平台首次上网日期,不代表论文的发表时间)