Issue No. 04 - April (2009 vol. 20)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TPDS.2008.132
Wanlei Zhou , Deakin University, Melbourne
Minyi Guo , Shanghai Jiao Tong University, Shanghai
Yang Xiang , Central Queensland University, Rockhampton
IP traceback is the enabling technology to control Internet crime. In this paper we present a novel and practical IP traceback system called Flexible Deterministic Packet Marking (FDPM) which provides a defense system with the ability to find out the real sources of attacking packets that traverse through the network. While a number of other traceback schemes exist, FDPM provides innovative features to trace the source of IP packets and can obtain better tracing capability than others. In particular, FDPM adopts a flexible mark length strategy to make it compatible to different network environments; it also adaptively changes its marking rate according to the load of the participating router by a flexible flow-based marking scheme. Evaluations on both simulation and real system implementation demonstrate that FDPM requires a moderately small number of packets to complete the traceback process; add little additional load to routers and can trace a large number of sources in one traceback process with low false positive rates. The built-in overload prevention mechanism makes this system capable of achieving a satisfactory traceback result even when the router is heavily loaded. It has been used to not only trace DDoS attacking packets but also enhance filtering attacking traffic.
Communication/Networking and Information Technology, Performance of Systems
Wanlei Zhou, Minyi Guo, Yang Xiang, "Flexible Deterministic Packet Marking: An IP Traceback System to Find the Real Source of Attacks", IEEE Transactions on Parallel & Distributed Systems, vol. 20, no. , pp. 567-580, April 2009, doi:10.1109/TPDS.2008.132