article

Probabilistic packet marking for large-scale IP traceback

Author:

Michael T. GoodrichAuthors Info & Claims

IEEE/ACM Transactions on Networking (TON), Volume 16, Issue 1

Pages 15 - 24

https://doi.org/10.1109/TNET.2007.910594

Published: 01 February 2008 Publication History

Get Access

Abstract

This paper presents an approach to IP traceback based on the probabilistic packet marking paradigm. Our approach, which we call randomize-and-link, uses large checksum cords to "link" message fragments in a way that is highly scalable, for the checksums serve both as associative addresses and data integrity verifiers. The main advantage of these checksum cords is that they spread the addresses of possible router messages across a spectrum that is too large for the attacker to easily create messages that collide with legitimate messages.

References

[1]

{1} A. Anagnostopoulos, M. T. Goodrich, and R. Tamassia, "Persistent authenticated dictionaries and their applications," in Proc. Information Security Conf. (ISC 2001), 2001, vol. LNCS 2200, pp. 379-393, Springer-Verlag.

Crossref

Google Scholar

[2]

{2} T. Baba and S. Matsuda, "Tracing network attacks to their sources," IEEE Internet Computing, vol. 6, no. 2, pp. 20-26, 2002.

Crossref

Google Scholar

[3]

{3} S. M. Bellovin, "ICMP traceback messages," work in Progress, Internet Draft draft-bellovin-itrace-00.txt, Mar. 2000.

Google Scholar

[4]

{4} H. Burch and B. Cheswick, "Tracing anonymous packets to their approximate source," in Proc. Usenix LISA (New Orleans) Conf., 2000, pp. 313-322.

Crossref

Google Scholar

[5]

{5} D. Dean, M. Franklin, and A. Stubblefield, "An algebraic approach to IP traceback," in Proc. Network and Distributed System Security Symp. (NDSS), 2001, pp. 3-12.

Google Scholar

[6]

{6} M. T. Goodrich, "Efficient packet marking for large-scale IP traceback," in Proc. 9th ACM Conf. Computer and Communications Security (CCS), 2002, pp. 117-126.

Crossref

Google Scholar

[7]

{7} M. T. Goodrich, R. Tamassia, and A. Schwerin, "Implementation of an authenticated dictionary with skip lists and commutative hashing," in Proc. 2001 DARPA Information Survivability Conf. Expo., 2001, vol. 2, pp. 68-82.

Google Scholar

[8]

{8} J. Ioannidis and S. M. Bellovin, "Implementing Pushback: Router-based defense against DDOS attacks," in Proc. Network and Distributed System Security Symp., 2002.

Google Scholar

[9]

{9} T. K. T. Law, D. K. Y. Yau, and J. C. S. Lui, "You can run, but you can't hide: An effective statistical methodology to trace back DDOS attackers," IEEE Trans. Parallel Distrib. Syst., vol. 16, no. 9, pp. 799-813, Sep. 2005.

Crossref

Google Scholar

[10]

{10} R. Motwani and P. Raghavan, Randomized Algorithms. New York: Cambridge Univ. Press, 1995.

Crossref

Google Scholar

[11]

{11} S. Savage, D. Wetherall, A. R. Karlin, and T. Anderson, "Practical network support for IP traceback," in Proc. ACM SIGCOMM, 2000, pp. 295-306.

Crossref

Google Scholar

[12]

{12} A. C. Snoeren, C. Partridge, L. A. Sanchez, C. E. Jones, F. Tchakountio, S. T. Kent, and W. T. Strayer, "Hash-based IP traceback," in Proc. ACM SIGCOMM 2001 Conf. Applications, Technologies, Architectures, and Protocols for Computer Communication, San Diego, CA, 2001.

Crossref

Google Scholar

[13]

{13} D. Song and A. Perrig, "Advanced and authenticated marking schemes for IP traceback," in Proc. IEEE INFOCOM, 2001, pp. 878-886.

Google Scholar

[14]

{14} R. Stone, "Centertrack: An IP overlay network for tracking DoS floods," in Proc. 9th USENIX Security Symp., Denver, CO, Aug. 2000.

Crossref

Google Scholar

Cited By

View all

Adei DMadathil VPrasad SReaves BScafuro ALuo BLiao XXu JKirda ELie D(2024)Jäger: Automated Telephone Call TracebackProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3690290(2042-2056)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3690290
Sajeev SBansal MS.V. SJagadeesh HSaran HHu Y(2022)Secure and ultra-reliable provenance recovery in sparse networksAd Hoc Networks10.1016/j.adhoc.2022.102860131:COnline publication date: 1-Jun-2022
https://dl.acm.org/doi/10.1016/j.adhoc.2022.102860
Xiao FChen EXu QZhang X(2021)ICSTraceSecurity and Communication Networks10.1155/2021/75250922021Online publication date: 1-Jan-2021
https://dl.acm.org/doi/10.1155/2021/7525092
Show More Cited By

Index Terms

Probabilistic packet marking for large-scale IP traceback
1. Software and its engineering
  1. Software creation and management
    1. Software development techniques
      1. Error handling and recovery
2. Theory of computation
  1. Models of computation
    1. Probabilistic computation

Recommendations

Dynamic probabilistic packet marking for efficient IP traceback

Recently, denial-of-service (DoS) attack has become a pressing problem due to the lack of an efficient method to locate the real attackers and ease of launching an attack with readily available source codes on the Internet. Traceback is a subtle scheme ...
Efficient packet marking for large-scale IP traceback
CCS '02: Proceedings of the 9th ACM conference on Computer and communications security

We present a new approach to IP traceback based on the probabilistic packet marking paradigm. Our approach, which we call randomize-and-link, uses large checksum cords to "link" message fragments in a way that is highly scalable, for the checksums serve ...
Performance analysis of probabilistic packet marking in IPv6

Probabilistic packet marking (PPM) has received considerable attention as an IP traceback approach against distributed Denial-of-Service attack, which is one of the most challenging security threat in the Internet. PPM is a technique that seeks to ...

Comments

Information & Contributors

Information

Published In

cover image IEEE/ACM Transactions on Networking

IEEE/ACM Transactions on Networking Volume 16, Issue 1

February 2008

245 pages

ISSN:1063-6692

Issue’s Table of Contents

Publisher

IEEE Press

Publication History

Published: 01 February 2008

Published in TON Volume 16, Issue 1

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

19
Total Citations
View Citations
402
Total Downloads

Downloads (Last 12 months)1
Downloads (Last 6 weeks)0

Reflects downloads up to 08 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Adei DMadathil VPrasad SReaves BScafuro ALuo BLiao XXu JKirda ELie D(2024)Jäger: Automated Telephone Call TracebackProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3690290(2042-2056)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3690290
Sajeev SBansal MS.V. SJagadeesh HSaran HHu Y(2022)Secure and ultra-reliable provenance recovery in sparse networksAd Hoc Networks10.1016/j.adhoc.2022.102860131:COnline publication date: 1-Jun-2022
https://dl.acm.org/doi/10.1016/j.adhoc.2022.102860
Xiao FChen EXu QZhang X(2021)ICSTraceSecurity and Communication Networks10.1155/2021/75250922021Online publication date: 1-Jan-2021
https://dl.acm.org/doi/10.1155/2021/7525092
Agrawal NTapaswi S(2021)An SDN-Assisted Defense Mechanism for the Shrew DDoS Attack in a Cloud Computing EnvironmentJournal of Network and Systems Management10.1007/s10922-020-09580-729:2Online publication date: 1-Apr-2021
https://dl.acm.org/doi/10.1007/s10922-020-09580-7
Xu QAkhtar RZhang XWang C(2018)Cluster-Based Arithmetic Coding for Data Provenance Compression in Wireless Sensor NetworksWireless Communications & Mobile Computing10.1155/2018/95769782018Online publication date: 27-Jun-2018
https://dl.acm.org/doi/10.1155/2018/9576978
Ramanathan SMirkovic JYu MZhang Y(2018)SENSS Against Volumetric DDoS AttacksProceedings of the 34th Annual Computer Security Applications Conference10.1145/3274694.3274717(266-277)Online publication date: 3-Dec-2018
https://dl.acm.org/doi/10.1145/3274694.3274717
Nur ATozal M(2018)Record route IP tracebackComputers and Security10.1016/j.cose.2017.08.01272:C(13-25)Online publication date: 1-Jan-2018
https://dl.acm.org/doi/10.1016/j.cose.2017.08.012
(2017)A learning-based hybrid framework for detection and defence of DDoS attacksInternational Journal of Internet Protocol Technology10.1504/IJIPT.2017.08303610:1(51-60)Online publication date: 1-Jan-2017
https://dl.acm.org/doi/10.1504/IJIPT.2017.083036
Cheng LDivakaran DWooi Kiak Ang ALim WThing V(2017)FACTIEEE Transactions on Information Forensics and Security10.1109/TIFS.2016.262474112:3(604-616)Online publication date: 1-Mar-2017
https://dl.acm.org/doi/10.1109/TIFS.2016.2624741
Cheng LDivakaran DLim WThing V(2016)Opportunistic Piggyback Marking for IP TracebackIEEE Transactions on Information Forensics and Security10.1109/TIFS.2015.249129911:2(273-288)Online publication date: 1-Feb-2016
https://dl.acm.org/doi/10.1109/TIFS.2015.2491299
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Dynamic probabilistic packet marking for efficient IP traceback

Efficient packet marking for large-scale IP traceback

Performance analysis of probabilistic packet marking in IPv6

Comments

Information

Published In

Publisher

Publication History

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations