A Fast Deterministic Packet Marking Scheme for IP Traceback
A Fast Deterministic Packet Marking scheme (FDPM) for IP traceback against distributed denial of service attacks is presented, which applies a novel marking algorithm and significantly improves IP traceback in two aspects: (1) the victim doesnt need to accommodate fragments for recovery, so it needs several packets to identify an ingress router with lower false positives; (2) FDPM can scales to large distributed attacks with thousands of attackers. Theoretical analysis and the pseudo code are provided. Compared with previous DPM schemes, average convergence time of FDPM decreased by 86.3% packets or even more. Therefore FDPM is more efficient and represents a step forward in performance.
network security distributed denial of service IP traceback deterministic packet marking
Wang Xiao-jing Hu Chang-zhen Hu he
Lab of Computer Network Defense Technology, Beijing Institute of Technology, Beijing 100081, China X Lab of Computer Network Defense Technology, Beijing Institute of Technology, Beijing 100081, China
国际会议
武汉
英文
1208-1211
2009-11-18(万方平台首次上网日期,不代表论文的发表时间)