R. Laufer, P. B. Velloso, D. Cunha, I. Moraes, M. Bicudo, M. D. D. Moreira, O. Duarte
{"title":"迈向无状态单包IP回溯","authors":"R. Laufer, P. B. Velloso, D. Cunha, I. Moraes, M. Bicudo, M. D. D. Moreira, O. Duarte","doi":"10.1109/LCN.2007.15","DOIUrl":null,"url":null,"abstract":"The current Internet architecture allows malicious nodes to disguise their origin during denial-of-service attacks with IP spoofing. A well-known solution to identify these nodes is IP traceback. In this paper, we introduce and analyze a lightweight single-packet IP traceback system that does not store any data in the network core. The proposed system relies on a novel data structure called Generalized Bloom Filter, which is tamper resistant. In addition, an efficient improved path reconstruction procedure is introduced and evaluated. Analytical and simulation results are presented to show the effectiveness of the proposed scheme. The simulations are performed in an Internet-based scenario and the results show that the proposed system locates the real attack path with high accuracy.","PeriodicalId":333233,"journal":{"name":"32nd IEEE Conference on Local Computer Networks (LCN 2007)","volume":"55 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-10-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"59","resultStr":"{\"title\":\"Towards Stateless Single-Packet IP Traceback\",\"authors\":\"R. Laufer, P. B. Velloso, D. Cunha, I. Moraes, M. Bicudo, M. D. D. Moreira, O. Duarte\",\"doi\":\"10.1109/LCN.2007.15\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The current Internet architecture allows malicious nodes to disguise their origin during denial-of-service attacks with IP spoofing. A well-known solution to identify these nodes is IP traceback. In this paper, we introduce and analyze a lightweight single-packet IP traceback system that does not store any data in the network core. The proposed system relies on a novel data structure called Generalized Bloom Filter, which is tamper resistant. In addition, an efficient improved path reconstruction procedure is introduced and evaluated. Analytical and simulation results are presented to show the effectiveness of the proposed scheme. The simulations are performed in an Internet-based scenario and the results show that the proposed system locates the real attack path with high accuracy.\",\"PeriodicalId\":333233,\"journal\":{\"name\":\"32nd IEEE Conference on Local Computer Networks (LCN 2007)\",\"volume\":\"55 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2007-10-15\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"59\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"32nd IEEE Conference on Local Computer Networks (LCN 2007)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/LCN.2007.15\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"32nd IEEE Conference on Local Computer Networks (LCN 2007)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/LCN.2007.15","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
The current Internet architecture allows malicious nodes to disguise their origin during denial-of-service attacks with IP spoofing. A well-known solution to identify these nodes is IP traceback. In this paper, we introduce and analyze a lightweight single-packet IP traceback system that does not store any data in the network core. The proposed system relies on a novel data structure called Generalized Bloom Filter, which is tamper resistant. In addition, an efficient improved path reconstruction procedure is introduced and evaluated. Analytical and simulation results are presented to show the effectiveness of the proposed scheme. The simulations are performed in an Internet-based scenario and the results show that the proposed system locates the real attack path with high accuracy.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
