Deterministic Packet Marking Based on the Coordination of Border Gateways
Mainly aiming at tracing DoS and DDoS attack, the current IP traceback methods has not yet had a good scheme for tracing single packet attack; and most of them enable the marking routers to mark the packet independently, regardless of making the marking routers work together to improve the traceback performance. In view of these insufficiencies, we propose a traceback method named CDPM which is based on the coordination of border gateways. CDPM can identify the forged path information and adjust the marking strategy dynamically so as to reduce the impact on the network and trace different types of attacks (DoS, DDoS, single packet attack and so on). Finally, simulation results show that CDPM is able to reconstruct the attack path as well as own good feasibility and little influence on the end-to-end delay of IP packet.
deterministic packet marking border gateway denial of service distributed denial of service
Li Yonghui Wang Yulong Yang Fangchun Su Sen Yan Dong
State Key Laboratory of Networking and Switching Technology,Beijing University of Posts and Telecommunications Beijing, China
国际会议
上海
英文
154-161
2010-06-22(万方平台首次上网日期,不代表论文的发表时间)