Abstract
DDoS attack source traceback is an open and challenging problem. Deterministic packet marking (DPM) is a simple and relatively effective traceback scheme among the available traceback methods. However, the existing DPM schemes inheret a critical drawback of scalability in tracing all possible attack sources, which roots at their static mark encoding and attempt to mark all Internet routers for their traceback purpose. We find that a DDoS attack session usually involves a limited number of attack sources, e.g. at the thousand level. In order to achieve the traceback goal, we only need to mark these attack related routers. We therefore propose a novel Marking on Demand (MOD) scheme based on the DPM mechanism to dynamical distribute marking IDs in both temporal and space dimensions. The proposed MOD scheme can traceback to all possible sources of DDoS attacks, which is not possible for the existing DPM schemes. We thoroughly compare the proposed MOD scheme with two dominant DPM schemes through theoretical analysis and experiments. The the results demonstrate that the MOD scheme outperforms the existing DPM schemes.
Original language | English |
---|---|
Title of host publication | 2013 IEEE Global Communications Conference, GLOBECOM 2013 |
Publisher | IEEE |
Pages | 729-734 |
Number of pages | 6 |
ISBN (Print) | 9781479913534 |
DOIs | |
Publication status | Published - 1 Jan 2013 |
Externally published | Yes |
Event | 2013 IEEE Global Communications Conference, GLOBECOM 2013 - Atlanta, GA, United States Duration: 9 Dec 2013 → 13 Dec 2013 |
Conference
Conference | 2013 IEEE Global Communications Conference, GLOBECOM 2013 |
---|---|
Country/Territory | United States |
City | Atlanta, GA |
Period | 9/12/13 → 13/12/13 |
Keywords
- DDoS
- Deterministic packet marking
- traceback
ASJC Scopus subject areas
- Electrical and Electronic Engineering