Novel hybrid schemes employing packet marking and logging for IP traceback

Tracing DoS attacks that employ source address spoofing is an important and challenging problem. Traditional traceback schemes provide spoofed packets traceback capability either by augmenting the packets with partial path information (i.e., packet marking) or by storing packet digests or signatures...

Bibliographic Details
Published in IEEE transactions on parallel and distributed systems Vol. 17; no. 5; pp. 403 - 418
Main Authors Al-Duwairi, B., Govindarasu, M.
Format Journal Article
Language English
Published New York IEEE 01.05.2006
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)

Abstract Tracing DoS attacks that employ source address spoofing is an important and challenging problem. Traditional traceback schemes provide spoofed packets traceback capability either by augmenting the packets with partial path information (i.e., packet marking) or by storing packet digests or signatures at intermediate routers (i.e., packet logging). Such approaches require either a large number of attack packets to be collected by the victim to infer the paths (packet marking) or a significant amount of resources to be reserved at intermediate routers (packet logging). We adopt a hybrid traceback approach in which packet marking and packet logging are integrated in a novel manner, so as to achieve the best of both worlds, that is, to achieve a small number of attack packets to conduct the traceback process and a small amount of resources to be allocated at intermediate routers for packet logging purposes. Based on this notion, two novel traceback schemes are presented. The first scheme, called distributed link-list traceback (DLLT), is based on the idea of preserving the marking information at intermediate routers in such a way that it can be collected using a link list-based approach. The second scheme, called probabilistic pipelined packet marking (PPPM), employs the concept of a "pipeline" for propagating marking information from one marking router to another so that it eventually reaches the destination. We evaluate the effectiveness of the proposed schemes against various performance metrics through a combination of analytical and simulation studies. Our studies show that the proposed schemes offer a drastic reduction in the number of packets required to conduct the traceback process and a reasonable saving in the storage requirement.
Author_xml – sequence: 1
  givenname: B.
  surname: Al-Duwairi
  fullname: Al-Duwairi, B.
  organization: Dept. of Comput. Eng., Jordan Univ. of Sci. & Technol., Irbid, Jordan
– sequence: 2
  givenname: M.
  surname: Govindarasu
  fullname: Govindarasu, M.
CODEN ITDSEO
ContentType Journal Article
Copyright Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2006
DOI 10.1109/TPDS.2006.63
DatabaseName IEEE All-Society Periodicals Package (ASPP) 2005–Present
IEEE All-Society Periodicals Package (ASPP) 1998–Present
IEEE Electronic Library (IEL)
CrossRef
Computer and Information Systems Abstracts
Electronics & Communications Abstracts
Technology Research Database
ProQuest Computer Science Collection
Advanced Technologies Database with Aerospace
Computer and Information Systems Abstracts – Academic
Computer and Information Systems Abstracts Professional
ANTE: Abstracts in New Technology & Engineering
Engineering Research Database
Discipline Engineering
Computer Science
EISSN 1558-2183
EndPage 418
Genre orig-research
ISSN 1045-9219
IsPeerReviewed true
IsScholarly true
Issue 5
Language English
License https://ieeexplore.ieee.org/Xplorehelp/downloads/license-information/IEEE.html
PageCount 16
PublicationCentury 2000
PublicationDate 2006-05-01
PublicationDateYYYYMMDD 2006-05-01
PublicationDate_xml – month: 05
  year: 2006
  text: 2006-05-01
  day: 01
PublicationDecade 2000
PublicationPlace New York
PublicationPlace_xml – name: New York
PublicationTitle IEEE transactions on parallel and distributed systems
PublicationTitleAbbrev TPDS
PublicationYear 2006
Publisher IEEE
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Publisher_xml – name: IEEE
– name: The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
StartPage 403
SubjectTerms Analytical models
Computer crime
DDoS attacks
Delay
Information filtering
Information filters
Internet security
IP (Internet Protocol)
IP traceback
Logging
Mathematical analysis
Measurement
Performance analysis
Pipelines
Probability theory
Resource management
Routers
Security
Signatures
Simulation
Studies
Web and internet services
Title Novel hybrid schemes employing packet marking and logging for IP traceback
URI https://ieeexplore.ieee.org/document/1613850
https://www.proquest.com/docview/912206235
https://www.proquest.com/docview/28029815
https://www.proquest.com/docview/896193200
Volume 17