The Community for Technology Leaders
RSS Icon
Issue No.01 - January-March (2008 vol.5)
pp: 6-21
The probabilistic packet marking (PPM in short) algorithm is a promising way to discover the Internet map, or an attack graph, that the attack packets traversed during a distributed denial-of-service attack. Yet, the PPM algorithm is not prefect as its termination condition is not well-defined in the literature. More importantly, without a proper termination condition, the attack graph constructed by the PPM algorithm would be wrong with a very high probability. In this work, we provide a precise termination condition for the PPM algorithm and name the new algorithm the rectified probabilistic packet marking (RPPM in short) algorithm. The most significant merit of the RPPM algorithm is that when the algorithm terminates, the algorithm guarantees that the constructed attack graph is correct with a specified level of confidence. We carry out simulations on the RPPM algorithm and show that the RPPM algorithm can guarantee the correctness of the constructed attack graph under 1) different probabilities that a router marks the attack packets, and 2) different structures of the network graph. The RPPM algorithm provides an autonomous way for the original PPM algorithm to determine its termination, and it is a promising mean to enhance the reliability of the PPM algorithm.
Network-level security and protection, Probabilistic computation
Man Hon Wong, T.Y. Wong, "A Precise Termination Condition of the Probabilistic Packet Marking Algorithm", IEEE Transactions on Dependable and Secure Computing, vol.5, no. 1, pp. 6-21, January-March 2008, doi:10.1109/TDSC.2007.70229
[1] ”CERT Advisory CA-2000-01: Denial-of-Service Developments,” Computer Emergency Response Team, , 2006.
[2] J. Ioannidis and S.M. Bellovin, “Implementing Pushback: Router-Based Defense against DDoS Attacks,” Proc. Network and Distributed System Security Symp., pp. 100-108, Feb. 2002.
[3] S. Bellovin, M. Leech, and T. Taylor, ICMP Traceback Messages, Internet Draft Draft-Bellovin-Itrace-04.txt, Feb. 2003.
[4] K. Park and H. Lee, “On the Effectiveness of Route-Based Packet Filtering for Distributed DoS Attack Prevention in Power-Law Internets,” Proc. ACM SIGCOMM '01, pp. 15-26, 2001.
[5] P. Ferguson and D. Senie, “RFC 2267: Network Ingress Filtering: Defeating Denial of Service Attacks Which Employ IP Source Address Spoofing,” The Internet Soc., Jan. 1998.
[6] D.K.Y. Yau, J.C.S. Lui, F. Liang, and Y. Yam, “Defending against Distributed Denial-of-Service Attacks with Max-Min Fair Server-Centric Router Throttles,” IEEE/ACM Trans. Networking, no. 1, pp.29-42, 2005.
[7] C.W. Tan, D.M. Chiu, J.C. Lui, and D.K.Y. Yau, “A Distributed Throttling Approach for Handling High-Bandwidth Aggregates,” IEEE Trans. Parallel and Distributed Systems, vol. 18, no. 7, pp. 983-995, July 2007.
[8] S. Savage, D. Wetherall, A. Karlin, and T. Anderson, “Practical Network Support for IP Traceback,” Proc. ACM SIGCOMM '00, pp.295-306, 2000.
[9] D. Dean, M. Franklin, and A. Stubblefield, “An Algebraic Approach to IP Traceback,” ACM Trans. Information and System Security, vol. 5, no. 2, pp. 119-137, 2002.
[10] D.X. Song and A. Perrig, “Advanced and Authenticated Marking Schemes for IP Traceback,” Proc. IEEE INFOCOM '01, pp. 878-886, Apr. 2001.
[11] A.C. Snoeren, C. Partridge, L.A. Sanchez, C.E. Jones, F. Tchakountio, S.T. Kent, and W.T. Strayer, “Hash-Based IP Traceback,” Proc. ACM SIGCOMM '01, pp. 3-14, Aug. 2001.
[12] K. Park and H. Lee, “On the Effectiveness of Probabilistic Packet Marking for IP Traceback under Denial-of-Service Attacks,” Proc. IEEE INFOCOM '01, pp. 338-347, 2001.
[13] K.T. Law, J.C.S. Lui, and D.K.Y. Yau, “You Can Run, But You Can't Hide: An Effective Methodology to Traceback DDoS Attackers,” IEEE Trans. Parallel and Distributed Systems, vol. 15, no. 9, pp. 799-813, Sept. 2005.
[14] M. Adler, “Trade-Offs in Probabilistic Packet Marking for IP Traceback,” J. ACM, vol. 52, pp. 217-244, Mar. 2005.
[15] H. von Schelling, “Coupon Collecting for Unequal Probabilities,” Am. Math. Monthly, vol. 61, pp. 306-311, 1954.
[16] C. Hedrick, “RFC 1058: Routing Information Protocol,” The Internet Soc., June 1988.
[17] J. Moy, “RFC 2328: Open Shortest Path First (OSPF) Version 2,” The Internet Soc., Apr. 1998.
[18] V. Paxson, “End-to-End Routing Behavior in the Internet,” IEEE/ACM Trans. Networking, vol. 5, pp. 601-615, Oct. 1997.
[19] “CAIDA Router-Level Topology Measurements,” Cooperative Assoc. Internet Data Analysis, skitterrouter_topology/, 2006.
18 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool