More Web Proxy on the site http://driver.im/

Article

Efficient packet marking for large-scale IP traceback

Author:

Michael T. GoodrichAuthors Info & Claims

CCS '02: Proceedings of the 9th ACM conference on Computer and communications security

Pages 117 - 126

https://doi.org/10.1145/586110.586128

Published: 18 November 2002 Publication History

Abstract

We present a new approach to IP traceback based on the probabilistic packet marking paradigm. Our approach, which we call randomize-and-link, uses large checksum cords to "link" message fragments in a way that is highly scalable, for the checksums serve both as associative addresses and data integrity verifiers. The main advantage of these checksum cords is that they spread the addresses of possible router messages across a spectrum that is too large for the attacker to easily create messages that collide with legitimate messages. Our methods therefore scale to attack trees containing hundreds of routers and do not require that a victim know the topology of the attack tree a priori. In addition, by utilizing authenticated dictionaries in a novel way, our methods do not require routers sign any setup messages individually.

References

[1]

M. Adler. Tradeoffs in probabilistic packet marking for IP traceback. In 34th ACM Symposium Theory of Computing (STOC), 2002.

Digital Library

[2]

A. Anagnostopoulos, M. T. Goodrich, and R. Tamassia. Persistent authenticated dictionaries and their applications. In Information Security Conference (ISC 2001), LNCS 2200, 379--393, 2001.

Digital Library

[3]

T. Baba and S. Matsuda. Tracing network attacks to their sources. IEEE Internet Computing, 6(2):20--26, 2002.

Digital Library

[4]

S. M. Bellovin. ICMP traceback messages. In Work in Progress, Internet Draft draft-bellovin-itrace-00.txt, March 2000.

[5]

H. Burch and B. Cheswick. Tracing anonymous packets to their approximate source. In Usenix LISA (New Orleans) Conference, 313--322, 2000.

Digital Library

[6]

R. Cohen, M. T. Goodrich, R. Tamassia, and N. Triandopoulos. Authenticated data structures for graph and geometric searching. Technical report, Brown University, 2001.

[7]

D. Dean, M. Franklin, and A. Stubblefield. An algebraic approach to IP traceback. In Network and Distributed System Security Symposium (NDSS), 3--12, 2001.

[8]

P. Devanbu, M. Gertz, C. Martel, and S. Stubblebine. Authentic third-party data publication. In Fourteenth IFIP 11.3 Conference on Database Security, 2000.

Digital Library

[9]

M. T. Goodrich, R. Tamassia, and A. Schwerin. Implementation of an authenticated dictionary with skip lists and commutative hashing. In 2001 DARPA Information Survivability Conference and Exposition, vol. 2, 68--82, 2001.

[10]

J. Ioannidis and S. M. Bellovin. Implementing pushback: Router-based defense against DDoS attacks. In Network and Distributed System Security Symposium. The Internet Society, 2002.

[11]

D. E. Knuth. Fundamental Algorithms, vol. 1 of The Art of Computer Programming. Addison-Wesley, Reading, MA, 2nd edition, 1973.

Digital Library

[12]

L. Lamport. Password authentication with insecure communication. Communications of the ACM, 24(11):770--772, 1981.

Digital Library

[13]

D. Moore, G. Voelker, and S. Savage. Inferring internet denial-of-service activity. In Usenix Security Symposium, 2001.

Digital Library

[14]

R. Motwani and P. Raghavan. Randomized Algorithms. Cambridge University Press, New York, NY, 1995.

Digital Library

[15]

M. Naor and K. Nissim. Certificate revocation and certificate update. In 7th USENIX Security Symposium (SECURITY-98), 217--228, Berkeley, 1998.

Digital Library

[16]

K. Park and H. Lee. The effectiveness of probabilistic packet marking for IP traceback under denial of service attack, 2000.

[17]

V. Paxson. An analysis of using reflectors for distributed denial-of-service attacks. ACM Computer Communications Review (CCR), 31(3), July 2001.

Digital Library

[18]

J. Postel. Internet protocol, 1981.

[19]

S. Savage, D. Wetherall, A. R. Karlin, and T. Anderson. Practical network support for IP traceback. In SIGCOMM, 295--306, 2000.

Digital Library

[20]

A. C. Snoeren, C. Partridge, L. A. Sanchez, C. E. Jones, F. Tchakountio, S. T. Kent, and W. T. Strayer. Hash-based IP traceback. In ACM SIGCOMM 2001 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication, 2001.

Digital Library

[21]

D. Song and A. Perrig. Advanced and authenticated marking schemes for IP traceback. In IEEE Infocomm, 2001.

[22]

R. Stone. Centertrack: An IP overlay network for tracking DoS floods. In 9th USENIX Security Symposium, August 2000.

Digital Library

Cited By

Patil RPatil YDespande HBannore A(2024)Proactive cyber defense through a comprehensive forensic layer for cybercrime attributionInternational Journal of Information Technology10.1007/s41870-024-01947-216:6(3555-3572)Online publication date: 5-Jun-2024
https://doi.org/10.1007/s41870-024-01947-2
Kalangi RSyam Sundar PMaloji SHasane Ahammad S(2021)A Hybrid IP Trace Back Mechanism To Pinpoint The Attacker2021 Fifth International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC)10.1109/I-SMAC52330.2021.9640630(1613-1618)Online publication date: 11-Nov-2021
https://doi.org/10.1109/I-SMAC52330.2021.9640630
Kulandaivel MArulanand N(2021)Network Support for IP Trace Back Model in Wireless Sensor Networks Using Quantum Annealing MethodWireless Personal Communications10.1007/s11277-021-09315-0123:4(3807-3821)Online publication date: 1-Nov-2021
https://doi.org/10.1007/s11277-021-09315-0
Show More Cited By

Index Terms

Efficient packet marking for large-scale IP traceback
1. Networks
  1. Network protocols

Recommendations

Dynamic probabilistic packet marking for efficient IP traceback

Recently, denial-of-service (DoS) attack has become a pressing problem due to the lack of an efficient method to locate the real attackers and ease of launching an attack with readily available source codes on the Internet. Traceback is a subtle scheme ...
Probabilistic packet marking for large-scale IP traceback

This paper presents an approach to IP traceback based on the probabilistic packet marking paradigm. Our approach, which we call randomize-and-link, uses large checksum cords to "link" message fragments in a way that is highly scalable, for the checksums ...
A secure packet marking scheme for IP traceback in IPv6
ICACCI '12: Proceedings of the International Conference on Advances in Computing, Communications and Informatics

The growing threat of cyber attacks, especially the DDoS (Distributed Denial of Service Attack) makes the IP Traceback very much prevalent to today's Internet security. IP Traceback is one of the security concerns that is associated with finding out the ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '02: Proceedings of the 9th ACM conference on Computer and communications security

November 2002

284 pages

ISBN:1581136129

DOI:10.1145/586110

Editor:
Vijay Atluri
Rutgers University
,
General Chair:
Sushil Jajodia
George Mason University
,
Program Chair:
Ravi Sandhu
SingleSignOn.Net and George Mason University

Copyright © 2002 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 18 November 2002

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

CCS02

Sponsor:

CCS02: ACM Conference on Computer and Communications Security

November 18 - 22, 2002

Washington, DC, USA

Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

76
Total Citations
View Citations
1,369
Total Downloads

Downloads (Last 12 months)8
Downloads (Last 6 weeks)2

Reflects downloads up to 26 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Patil RPatil YDespande HBannore A(2024)Proactive cyber defense through a comprehensive forensic layer for cybercrime attributionInternational Journal of Information Technology10.1007/s41870-024-01947-216:6(3555-3572)Online publication date: 5-Jun-2024
https://doi.org/10.1007/s41870-024-01947-2
Kalangi RSyam Sundar PMaloji SHasane Ahammad S(2021)A Hybrid IP Trace Back Mechanism To Pinpoint The Attacker2021 Fifth International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC)10.1109/I-SMAC52330.2021.9640630(1613-1618)Online publication date: 11-Nov-2021
https://doi.org/10.1109/I-SMAC52330.2021.9640630
Kulandaivel MArulanand N(2021)Network Support for IP Trace Back Model in Wireless Sensor Networks Using Quantum Annealing MethodWireless Personal Communications10.1007/s11277-021-09315-0123:4(3807-3821)Online publication date: 1-Nov-2021
https://doi.org/10.1007/s11277-021-09315-0
Lian YLei ZCong TBei ZChen ZLijun L(2020)Repeatedly Coding Inter-Packet Delay for Tracking Down Network AttacksInternational Journal of Performability Engineering10.23940/ijpe.20.02.p10.26528316:2(265)Online publication date: 2020
https://doi.org/10.23940/ijpe.20.02.p10.265283
Bu KLaird AYang YCheng LLuo JLi YRen K(2020)Unveiling the Mystery of Internet Packet ForwardingACM Computing Surveys10.1145/340979653:5(1-34)Online publication date: 28-Sep-2020
https://dl.acm.org/doi/10.1145/3409796
Praveena VKarthick SJeon G(2020)Hybrid Approach for IP Traceback Analysis in Wireless NetworksWireless Personal Communications10.1007/s11277-020-07183-8Online publication date: 28-Jan-2020
https://doi.org/10.1007/s11277-020-07183-8
Shioda S(2020)Coupon Subset Collection Problem with QuotasMethodology and Computing in Applied Probability10.1007/s11009-020-09811-zOnline publication date: 27-Jul-2020
https://doi.org/10.1007/s11009-020-09811-z
Berbecaru D(2018)On Creating Digital Evidence in IP Networks With NetTrackHandbook of Research on Network Forensics and Analysis Techniques10.4018/978-1-5225-4100-4.ch012(225-245)Online publication date: 2018
https://doi.org/10.4018/978-1-5225-4100-4.ch012
Ahmed SMedhi N(2018)A Flow Marking Based Anti-spoofing Mechanism (FMAS) Using SDN ApproachProgress in Advanced Computing and Intelligent Engineering10.1007/978-981-10-6872-0_23(245-255)Online publication date: 9-Feb-2018
https://doi.org/10.1007/978-981-10-6872-0_23
Santhosh KFancy C(2017)A dedicated setup to identify spoofing via IP-traceback2017 International Conference on Intelligent Sustainable Systems (ICISS)10.1109/ISS1.2017.8389316(933-938)Online publication date: Dec-2017
https://doi.org/10.1109/ISS1.2017.8389316
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents