Title: Single Packet AS Traceback against DoS Attacks
Authors: A. Nur, M. E. Tozal
Venue: 2021 IEEE International Systems Conference (SysCon)
Publication date: 2021-04-15
DOI: 10.1109/SysCon48628.2021.9447126 (https://doi.org/10.1109/SysCon48628.2021.9447126)
Citations: 4
Abstract
The Internet is part of every facet of our daily lives and becomes more pervasive every day. It is designed to forward packets with minimal intervention, including malicious packets. This design enables different attack types, including Denial of Service (DoS), which is one of the most harmful cyber-attack types on the Internet. In this work, we propose an Autonomous System (AS) traceback packet marking scheme to infer AS-level forward paths from attackers towards a victim site. We utilize the Record Route option of the IP protocol to implement our packet marking scheme. Compared to interface-level traceback, traceback on the AS level has many advantages, including a significant reduction in the number of packets required to construct forward paths from attackers toward a victim site, a reduction in the number of routers involved in the packet marking process, and lower packet size overhead for routers. Our results show that a victim site can construct the AS-level forward path from an attacker site after receiving a single packet. In our marking algorithm, we provide an encoding method to reduce the bandwidth usage. The proposed technique uses 96.91 bits on average in the Record Route options field, whereas the unencoded version uses 153.96 bits on average.