Analysis of adjusted probabilistic packet marking

Proceedings of the 3rd IEEE Workshop on IP Operations & Management (IPOM 2003) (IEEE Cat. No.03EX764) Pub Date : 2003-12-19 DOI:10.1109/IPOM.2003.1251218

Bilal Rizvi, Emmanuel Femandez-Gaucherand

{"title":"Analysis of adjusted probabilistic packet marking","authors":"Bilal Rizvi, Emmanuel Femandez-Gaucherand","doi":"10.1109/IPOM.2003.1251218","DOIUrl":null,"url":null,"abstract":"Probabilistic packet marking (PPM) has been proposed for the identification of the source of a denial of service (DoS) attack (Savage, S. et al., Proc. ACM SIGCOM, p.295-305, 2000). PPM is based on marking packets with a fixed probability by all routers. However, using a fixed marking probability allows a large number of packets to reach the victim unmarked, which can be spoofed to impede traceback. Also, using a fixed marking probability, the victim receives fewer marked packets from routers further away from the victim, which increases the computational time needed for traceback. Hence, we study the adjusted probabilistic packet marking (APPM) scheme (Teo Peng et al., Proc. Networking, 2002), where variable marking probability is used so that the victim receives packets from all routers with equal probability. However, using the analysis similar to that of Kihomg Park and Heejo Lee (see Proc. IEEE INFOCOM, 2001) we show that APPM is also subject to spoofing of the marking field for smaller path lengths. A modified version of APPM is proposed that reduces unmarked packets reaching the victim and the computational time needed for traceback.","PeriodicalId":128315,"journal":{"name":"Proceedings of the 3rd IEEE Workshop on IP Operations & Management (IPOM 2003) (IEEE Cat. No.03EX764)","volume":"1999 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2003-12-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"16","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 3rd IEEE Workshop on IP Operations & Management (IPOM 2003) (IEEE Cat. No.03EX764)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IPOM.2003.1251218","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 16

Abstract

Probabilistic packet marking (PPM) has been proposed for the identification of the source of a denial of service (DoS) attack (Savage, S. et al., Proc. ACM SIGCOM, p.295-305, 2000). PPM is based on marking packets with a fixed probability by all routers. However, using a fixed marking probability allows a large number of packets to reach the victim unmarked, which can be spoofed to impede traceback. Also, using a fixed marking probability, the victim receives fewer marked packets from routers further away from the victim, which increases the computational time needed for traceback. Hence, we study the adjusted probabilistic packet marking (APPM) scheme (Teo Peng et al., Proc. Networking, 2002), where variable marking probability is used so that the victim receives packets from all routers with equal probability. However, using the analysis similar to that of Kihomg Park and Heejo Lee (see Proc. IEEE INFOCOM, 2001) we show that APPM is also subject to spoofing of the marking field for smaller path lengths. A modified version of APPM is proposed that reduces unmarked packets reaching the victim and the computational time needed for traceback.

查看原文本刊更多论文

调整概率分组标记分析

概率数据包标记(PPM)已被提议用于识别拒绝服务(DoS)攻击的来源(Savage, S. et al.， Proc. ACM SIGCOM, p.295- 305,2000)。PPM是基于所有路由器以固定的概率标记数据包。然而，使用固定的标记概率允许大量数据包到达未标记的受害者，这可能被欺骗以阻碍追溯。此外，使用固定的标记概率，受害者从距离受害者较远的路由器接收到的标记数据包较少，这增加了追溯所需的计算时间。因此，我们研究了调整概率数据包标记(APPM)方案(Teo Peng et al.， Proc. Networking, 2002)，其中使用可变标记概率，以便受害者以相同的概率接收来自所有路由器的数据包。然而，使用与Kihomg Park和Heejo Lee类似的分析(参见Proc. IEEE INFOCOM, 2001)，我们表明，对于较小的路径长度，APPM也会受到标记场的欺骗。提出了一种改进版本的APPM，减少了到达受害者的未标记数据包和追溯所需的计算时间。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 3rd IEEE Workshop on IP Operations & Management (IPOM 2003) (IEEE Cat. No.03EX764)

自引率

0.00%

发文量