IP traceback through authenticated deterministic flow marking: an empirical evaluation


EURASIP Journal on Information Security, 2013:5

SI: Cyber-Crime: New Trends, Challenges and Detection


In this paper, we present a novel approach to IP traceback: deterministic flow marking (DFM). We evaluate this novel approach against two well-known IP traceback schemes. These are the probabilistic packet marking (PPM) and the deterministic packet marking (DPM) techniques. In order to do so, we analyzed these techniques in detail in terms of their performances and feasibilities on five Internet traces. These traces consist of Darpa 1999 traffic traces, CAIDA October 2012 traffic traces, MAWI December 2012 traffic traces, and Dal2010 traffic traces. We have employed 16 performance metrics to evaluate their performances. The empirical results show that the novel DFM technique can reduce the number of marked packets by 91% compared to the DPM, while achieving the same or better performance in terms of its ability to trace back the attack. Additionally, DFM provides an optional authentication so that a compromised router cannot forge markings of other uncompromised routers. Unlike PPM and DPM that trace the attack up to the ingress interface of the edge router close to the attacker, DFM allows the victim to trace the origin of incorrect or spoofed source addresses up to the attacker node, even if the attack has been originated from a network behind a network address translation (NAT) server. Our results show that DFM can reach up to approximately 99% traceback rate with no false positives.

Keywords: Flow base IP traceback; DDoS attacks; Deterministic flow marking; Authenticated flow marking; Security

Electronic supplementary material: The online version of this article (doi:10.1186/1687-417X-2013-5) contains supplementary material, which is available to authorized users.


Authors: Vahid Aghaei-Foroushani, A Nur Zincir-Heywood

Source: https://link.springer.com/
