IP回溯(PFM)的概率流标记

2015 7th International Workshop on Reliable Networks Design and Modeling (RNDM) Pub Date : 2015-10-01 DOI:10.1109/RNDM.2015.7325234

V. A. Foroushani, A. N. Zincir-Heywood

{"title":"IP回溯(PFM)的概率流标记","authors":"V. A. Foroushani, A. N. Zincir-Heywood","doi":"10.1109/RNDM.2015.7325234","DOIUrl":null,"url":null,"abstract":"Distributed-Denial-Of-Service attacks are one of the hardest security issues on the Internet today. One difficulty to counter these attacks is to trace the source of the attacks because they often use spoofed source IP addresses to hide their original source. This paper presents a new IP traceback scheme, called Probabilistic Flow Marking (PFM). The goal is to trace anonymous flooding attacks on the network back toward their original source, even if the source is located behind a network address translation (NAT) or a proxy device. In this approach, PFM embeds a fingerprint in the packets randomly. This enables PFM to identify the origin of the traffic traversing through the Internet on a per flow basis, regardless of the source IP address spoofing. We evaluate PFM on three real-life Internet data sets from the CAIDA archives. Our evaluation results show that compared to the previous IP traceback schemes, PFM significantly decreases the number of marked packets required to traceback and represents a step forward in terms of performance and deployability.","PeriodicalId":248916,"journal":{"name":"2015 7th International Workshop on Reliable Networks Design and Modeling (RNDM)","volume":"7 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"Probabilistic flow marking for IP traceback (PFM)\",\"authors\":\"V. A. Foroushani, A. N. Zincir-Heywood\",\"doi\":\"10.1109/RNDM.2015.7325234\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Distributed-Denial-Of-Service attacks are one of the hardest security issues on the Internet today. One difficulty to counter these attacks is to trace the source of the attacks because they often use spoofed source IP addresses to hide their original source. This paper presents a new IP traceback scheme, called Probabilistic Flow Marking (PFM). The goal is to trace anonymous flooding attacks on the network back toward their original source, even if the source is located behind a network address translation (NAT) or a proxy device. In this approach, PFM embeds a fingerprint in the packets randomly. This enables PFM to identify the origin of the traffic traversing through the Internet on a per flow basis, regardless of the source IP address spoofing. We evaluate PFM on three real-life Internet data sets from the CAIDA archives. Our evaluation results show that compared to the previous IP traceback schemes, PFM significantly decreases the number of marked packets required to traceback and represents a step forward in terms of performance and deployability.\",\"PeriodicalId\":248916,\"journal\":{\"name\":\"2015 7th International Workshop on Reliable Networks Design and Modeling (RNDM)\",\"volume\":\"7 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2015 7th International Workshop on Reliable Networks Design and Modeling (RNDM)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/RNDM.2015.7325234\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 7th International Workshop on Reliable Networks Design and Modeling (RNDM)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/RNDM.2015.7325234","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

摘要

分布式拒绝服务攻击是当今Internet上最棘手的安全问题之一。对付这些攻击的一个困难是追踪攻击的来源，因为它们通常使用欺骗的源IP地址来隐藏其原始来源。本文提出了一种新的IP回溯方案，称为概率流标记(PFM)。目标是追踪网络上的匿名泛洪攻击的原始来源，即使源位于网络地址转换(NAT)或代理设备后面。在这种方法中，PFM随机地在数据包中嵌入指纹。这使得PFM能够在每个流量的基础上识别通过Internet的流量的来源，而不考虑源IP地址欺骗。我们用CAIDA档案中的三个真实的互联网数据集来评估PFM。我们的评估结果表明，与以前的IP追溯方案相比，PFM显著减少了追溯所需的标记数据包数量，并且在性能和可部署性方面向前迈进了一步。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Probabilistic flow marking for IP traceback (PFM)

Distributed-Denial-Of-Service attacks are one of the hardest security issues on the Internet today. One difficulty to counter these attacks is to trace the source of the attacks because they often use spoofed source IP addresses to hide their original source. This paper presents a new IP traceback scheme, called Probabilistic Flow Marking (PFM). The goal is to trace anonymous flooding attacks on the network back toward their original source, even if the source is located behind a network address translation (NAT) or a proxy device. In this approach, PFM embeds a fingerprint in the packets randomly. This enables PFM to identify the origin of the traffic traversing through the Internet on a per flow basis, regardless of the source IP address spoofing. We evaluate PFM on three real-life Internet data sets from the CAIDA archives. Our evaluation results show that compared to the previous IP traceback schemes, PFM significantly decreases the number of marked packets required to traceback and represents a step forward in terms of performance and deployability.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2015 7th International Workshop on Reliable Networks Design and Modeling (RNDM)

自引率

0.00%

发文量