Abstract
Since adversaries may spoof their source IPs in the attacks, traceback schemes have been proposed to identify the attack source. However, some of these schemes' storage requirements increase with packet numbers. Some even have false positives because they use an IP header's fragment offset for marking. Thus, we propose a 16-bit single packet hybrid IP traceback scheme that combines packet marking and packet logging with high accuracy and low storage requirement. The size of our log tables can be bounded by route numbers. We also set a threshold to determine whether an upstream interface number is stored in a log table or in a marking field, so as to balance the logging frequency and our computational loads. Because we store user interface information on small-degree routers, compared with current single packet traceback schemes, ours can have the lowest storage requirements. Besides, our traceback achieves zero false positive/negative rates and guarantees reassembly of fragmented packets at the destination.
Highlights
Recent years have seen the rapid growth of the Internet, and the widespread Internet services have become a part of our daily life
In this paper we propose a 16-bit single packet IP traceback scheme
Because the required storage for our routers’ log tables is bounded by route numbers, it does not grow with the number of passing packets
Summary
Recent years have seen the rapid growth of the Internet, and the widespread Internet services have become a part of our daily life. If the mark is larger than the size of a marking field, the packet’s route is logged onto a router [24,25,26] to decrease each router’s storage loads These schemes decrease the false negative rate because the logged data in a router does not need to be refreshed. The scheme does not have indexes for their log tables It needs to do an exhaustive search during path reconstruction, so as to find the corresponding upstream interface number of the attack packet. To reduce the storage requirements for logging, we propose two schemes in our 16-bit hybrid traceback protocol to encode the upstream routers’ interface numbers as an index of the log table’s entry.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have