Shigeo Shioda
ABSTRACT
We study the performance of the fragment-marking-based probabilistic packet marking (PPM) for the IP traceback. In the fragment-marking-based PPM, each router splits its IP-address or its hash value into multiple fragments and, in the case of marking, it randomly chooses one of fragments to write into the Identification field of a packet to forward. In the fragment marking, the Identification field is partitioned into three small fields; a bid-bit field (fragment-ID field) storing the index of fragments, a bd-bit field (distance field) storing the hop distance between the victim to the marking router, and a (16 -- bid -- bd)-bit field (fragment field) storing a fragment. In this paper, we theoretically investigate the dependence of the performance of the fragment-marking-based PPM on parameters including bid and bd. In particular, we derive explicit representations of the false positive and negative ratios of the fragment marking, which are expressed by bd, bid, and some other parameters. Based on the derived representations, we study how to select parameter values to have better performance of the fragment marking.
- M. Adler. Trade-offs in probabilistic packet marking. Journal of the ACM, 52(2):217--244, 2005. Google Scholar
Digital Library
- M. Adler, J. Edmons, and J. Matousek. Towards asymptotic optimality in probabilistic packet marking. In Proceedings of the ACM Symposium on Theory of Computing, pages 450--459, 2002. Google ScholarDigital Library
- H. Burch and B. Cheswick. Tracing anonymous packets to their approximate source. In Proceedings of the Usenix, 2000. Google ScholarDigital Library
- D. Dean and M. Franklin. An algebraic approach to IP traceback. ACM Transactions on Information and System Security, 5:119--137, 2002. Google ScholarDigital Library
- W. Feller. An Introduction to Probability Theory and Its Applications, 2nd ed., volume 1. New York: Wiley, 1966.Google Scholar
- M. Goodrich. Efficient packet marking for large-scale IP traceback. In Proceedings of the 9th ACM Conference on Computer and Communication Security, pages 117--126, 2002. Google ScholarDigital Library
- D. Moore, G. Voelker, and S. Savage. Inferring Internet denial-of-service activity. In Proceedings of the Usenix Security Symposium, 2001. Google ScholarDigital Library
- K. Park and H. Lee. On the effectiveness of probabilistic packet marking for IP traceback under Denial of Service attack. IEEE INFOCOM, 2001.Google Scholar
- A. Savage, D. Wetherall, A. Karlin, and T. Anderson. Network support for IP traceback. IEEE/ACM Trans. Networking, 9(3):226--237, 2001. Google ScholarDigital Library
- S. Shioda. Some upper and lower bounds on the coupon collector problem. Journal of Computational and Applied Mathematics, 200(1):154--167, 2007. Google ScholarDigital Library
- D. Song and A. Perrig. Advanced and authenticated techniques for IP traceback. IEEE INFOCOM, 2001.Google Scholar
- A. Yaar, A. Perrig, and D. Song. FIT: Fast Internet traceback. IEEE INFOCOM, 2005.Google ScholarCross Ref
Index Terms
- A theoretical approach to parameter value selection of probabilistic packet marking for IP traceback
Recommendations
Dynamic probabilistic packet marking for efficient IP traceback
Recently, denial-of-service (DoS) attack has become a pressing problem due to the lack of an efficient method to locate the real attackers and ease of launching an attack with readily available source codes on the Internet. Traceback is a subtle scheme ...
A More Practical Approach for Single-Packet IP Traceback using Packet Logging and Marking
Tracing IP packets to their origins is an important step in defending Internet against denial-of-service attacks. Two kinds of IP traceback techniques have been proposed as packet marking and packet logging. In packet marking, routers probabilistically ...
Deterministic packet marking with link signatures for IP traceback
Inscrypt'06: Proceedings of the Second SKLOIS conference on Information Security and CryptologyProbabilistic Packet Marking algorithm, one promising solution to the IP traceback problem, uses one fixed marking space to store router information. Since this fixed space is not sufficient for storing all routers information, each router writes its ...
Comments