Towards Improving an Algebraic Marking Scheme for Tracing DDoS Attacks.

In this paper, we identify the weaknesses of an existing algebraic marking scheme for tracing DDoS attacks, and propose an improved version of the marking scheme. ... When compared with other marking schemes, it requires fewer packets for attack paths reconstruction. ... This paper proposes an improved algebraic marking scheme which simplifies and improves the algebraic marking scheme [5] for a practical implementation. ...

dblp:journals/ijnsec/LeeHC09 fatcat:m2vtd6ojyfadtc3jwhugek3w44

Open Access

In order to counter DDoS and facilitate secure and reliable functioning of cyber societies, various types of traceback mechanisms have been proposed that trace the entire attack path or partial attack ... Among these activities, Distributed Denial of Services (DDoS), which imposes an excessive workload on network entities such as hosts, is one of the most devastating form of attacks and can cause complete ... For instance, an attacker may intentionally create a DDoS attack from third-party network by using a bot net and sue for compensatory damages with the traceback information as evidence. ...

doi:10.1109/bcfic-riga.2011.5733214 fatcat:urinubg7rjdcdlkrolk32e6n7y

Clearly, the current IP traceback technology is only the first step toward tackling DoS/DDoS attacks. An ideal tracing scheme has to make trade-offs among various factors. ... However, improving the accuracy of DDoS detection is a daunting task given the fact that a DDoS attack may be a hybrid of different types of attacks using different protocols, ports, and attack rates ...

doi:10.1109/mcom.2005.1453433 fatcat:sey4mrcslva6lkxxf43ays6n3e

Such attacks are among the toughest to address because they are simple to implement, hard to prevent, and difficult to trace. ... Several efforts are under way to develop attacker-identification technologies on the Internet. This article looks at existing DDoS IP traceback methodologies and future trends. ... The authors also proposed an authentication-marking scheme that uses message authentication codes to prevent packet-content tampering by compromised routers along the attack path. ...

doi:10.1109/msecp.2003.1203219 fatcat:kyi4rydwxbb7ncdmohev3tvyp4

This paper presents an evaluation of two promising schemes for tracing cyber-attacks, the well-known Deterministic Packet Marking, DPM, and a novel marking scheme for IP traceback, Deterministic Flow Marking ... The results show that using DFM may reduce as many as 90% of marked packets on average required for tracing attacks with no false positives, while it eliminates the spoofed marking embedded by the attacker ... [11] have described a technique for tracing anonymous packet flooding attacks on the Internet back toward their source. This traceback can be performed after an attack is identified. ...

doi:10.1109/spw.2013.13 dblp:conf/sp/ForoushaniZ13 fatcat:4drr3p32bfbrzauh4qu67764uu

IP traceback is an important step in defending against denial-of-service (DoS) attacks. Probabilistic packet marking (PPM) has been studied as a promising approach to realize IP traceback. ... Our approach is able to control the distribution of marking information. Hence, it is suitable to be deployed as a value-added service which may create revenue for ISPs. ... We study the efficiency and accuracy of ASPPM in tracing DDoS attacks. ...

dblp:journals/ijnsec/GongS09 fatcat:fgta3hzo7vdrtcryjlq6aduzla

Open Access

Furthermore, important features of each attack and defense system category are described and advantages and disadvantages of each proposed scheme are outlined. ... This paper presents a structural approach to the DDoS problem by developing a classification of DDoS attacks and DDoS defense mechanisms. ... [69] introduced an interesting algebraic approach to PPM. This scheme does not require an upstream router map to construct an attack path. ...

doi:10.1016/j.comnet.2003.10.003 fatcat:j5bmatgznraqxcnclv326qr7my

While distributed packet logging and/or packet marking have been explored in the past for DDoS attack traceback/mitigation, we propose to advance the state of the art by using a novel distributed divide-and-conquer ... Distributed Denial-of-Service (DDoS) attacks have emerged as a popular means of causing mass targeted service disruptions, often for extended periods of time. ... [15] proposed another novel coding scheme using an algebraic approach to embed path information. Yaar et.al. ...

doi:10.1109/icdcs.2008.10 dblp:conf/icdcs/MuthuprasannaM08 fatcat:pocjsj2csfhqpg63xq7tbd7wl4

In this paper, we propose a novel traceback method for DDoS attacks that is based on entropy variations between normal and DDoS attack traffic, which is fundamentally different from commonly used packet ... marking techniques. ... ACKNOWLEDGMENTS The authors would like to express their thanks to the anonymous reviews for their insightful comments and suggestions. The work was supported in part by grants ...

doi:10.1109/tpds.2010.97 fatcat:iiu2uaroljclxd2fefxef2ibpi

We conclude by highlighting opportunities for an integrated solution to solve the problem of distributed denial of service attacks. ... This article presents a survey of denial of service attacks and the methods that have been proposed for defense against these attacks. ... ACKNOWLEDGMENTS We thank the anonymous reviewers for their excellent suggestions that have greatly improved the quality of this article. ...

doi:10.1145/1216370.1216373 fatcat:fgim4prdsnbufbaavvptpvgkhq

Additionally, DFM provides an optional authentication so that a compromised router cannot forge markings of other uncompromised routers. ... In this paper, we present a novel approach to IP traceback -deterministic flow marking (DFM). We evaluate this novel approach against two well-known IP traceback schemes. ... [11] have described a technique for tracing anonymous packet flooding attacks on the Internet towards their source. This traceback can be performed after an attack is identified. ...

doi:10.1186/1687-417x-2013-5 fatcat:fpzodzbzk5a7jfpax4ne5nuewq

Open Access

This paper discusses several prominent approaches introduced to counter DDoS attacks in private clouds. We also discuss issues and challenges to mitigate DDoS attacks in private clouds. ... The presence of a large amount of resources organized densely is a key factor in attracting DDoS attacks. Such attacks are arguably more dangerous in private individual clouds with limited resources. ... This way we may be able to trace back the source of the attack or provide a defense as near as possible towards the source-end. ...

arXiv:1710.08628v1 fatcat:qqaa3w3a2bautkkfc22hk3lk5u

Several IP Traceback schemes employing packet marking have been proposed to trace DoS/DDoS attacks that use source address spoofing. ... We additionally propose an enhanced (logical) partitioned coloring technique to achieve an order of magnitude improvement over the best known schemes today. ... Finally, a traceback scheme should not only trace attackers, but also aid in effective mitigation of the ongoing attack [4] . ...

doi:10.1109/icpads.2006.31 dblp:conf/icpads/MuthuprasannaMAK06 fatcat:3ut2jwewzbefveg4wiaa6c6ifq

This is useful for tracing the sources of high volume traffic, e.g., in Distributed Denial-of-Service (DDoS) attacks. ... Simulation results show that our scheme significantly reduces the number of packets needed to reconstruct the attack graph, in both single-and multi-path scenarios, thus increasing the speed of tracing ... ACKNOWLEDGMENT We would like to thank Christina Fragouli for discussions on the coupon collector's problem, which inspired this work. ...

doi:10.1109/netcod.2010.5487682 fatcat:fy6jdoj3kvbkxn7d4loygwsx2m

Among them, distanceindexed probabilistic packet marking schemes appear to be very attractive. In this paper, we first discover two intrinsic vulnerabilities in these schemes. ... In order to counter Denial-of-Service (DoS) attacks using spoofed source addresses, many IP traceback schemes have been proposed in the last few years. ... In Section 2, we present the DDoS attack and IP traceback models, as well as an overview of probabilistic packet marking schemes. ...

doi:10.1504/ijsn.2007.012827 fatcat:is4chiqexrfuvkqoj7ycbhcaia

Towards Improving an Algebraic Marking Scheme for Tracing DDoS Attacks

Preserved Fulltext

Taxonomical approach to the deployment of traceback mechanisms

Preserved Fulltext

Tracing cyber attacks from the practical perspective

Preserved Fulltext

IP traceback: A new denial-of-service deterrent?

Preserved Fulltext

On Evaluating IP Traceback Schemes: A Practical Perspective

Preserved Fulltext

Toward a Practical Packet Marking Approach for IP Traceback

Preserved Fulltext

DDoS attacks and defense mechanisms: classification and state-of-the-art

Preserved Fulltext

Distributed Divide-and-Conquer Techniques for Effective DDoS Attack Defenses

Preserved Fulltext

Traceback of DDoS Attacks Using Entropy Variations

Preserved Fulltext

Survey of network-based defense mechanisms countering the DoS and DDoS problems

Preserved Fulltext

IP traceback through (authenticated) deterministic flow marking: an empirical evaluation

Preserved Fulltext

DDoS Attacks: Tools, Mitigation Approaches, and Probable Impact on Private Cloud Environment [article]

Preserved Fulltext

Coloring the Internet: IP traceback

Preserved Fulltext

A Network Coding Approach to IP Traceback

Preserved Fulltext

Vulnerabilities in distance-indexed IP traceback schemes

Preserved Fulltext