This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
2013 IEEE Security and Privacy Workshops
On Evaluating IP Traceback Schemes: A Practical Perspective
San Francisco, CA, USA USA
May 23-May 24
ISBN: 978-1-4799-0458-7
This paper presents an evaluation of two promising schemes for tracing cyber-attacks, the well-known Deterministic Packet Marking, DPM, and a novel marking scheme for IP traceback, Deterministic Flow Marking, DFM. First of all we explore the DPM in detail and then by investigating the DFM, we analyze the pros and cons of both approaches in depth in terms of practicality and feasibility, so that shortcomings of each scheme are highlighted. This evaluation is based on CAIDA Internet traces October 2012 dataset. The results show that using DFM may reduce as many as 90% of marked packets on average required for tracing attacks with no false positives, while it eliminates the spoofed marking embedded by the attacker as well as compromised routers in the attack path. Moreover, unlike DPM that traces the attack up to the ingress interface of the edge router close to the attacker, DFM allows the victim to trace the origin of incorrect or spoofed source addresses up to the attacker node, even if the attack has been originated from a network behind a network address translation (NAT), firewall, or a proxy server.
Index Terms:
Flow Base IP Traceback; DDoS Attacks; Deterministic Flow Marking; Authenticated Flow Marking
Citation:
Vahid Aghaei-Foroushani, A. Nur Zincir-Heywood, "On Evaluating IP Traceback Schemes: A Practical Perspective," spw, pp.127-134, 2013 IEEE Security and Privacy Workshops, 2013
Usage of this product signifies your acceptance of the Terms of Use.