Book ChapterDOI
Advanced Packet Marking Mechanism with Pushback for IP Traceback
Hyung-Woo Lee
- pp 426-438
Reads0
Chats0
TLDR
This study proposed an improved marking technique that identifies DDoS traffics at routers by applying the pushback function and cope with DDoS attack packets efficiently and reduced network load and improved traceback performance.Abstract:
Distributed Denial-of-Service(DDoS) attack can be done by generating a large volume of traffic through spoofing the IP address of the target system. In response to such attacks, IP traceback technology has been proposed. The method identifies the source of a DDoS attack and restructures the path on the network through which the attacking packet has been transmitted. Existing traceback techniques marked path information on packets or generated separate traceback messages but they increase network load and cannot cope with DDoS attacks actively because they generate traceback information for arbitrary packets without identifying DDoS attacks. Thus this study proposed an improved marking technique that identifies DDoS traffics at routers by applying the pushback function and cope with DDoS attack packets efficiently. According to the result of experiments, the proposed technique reduced network load and improved traceback performance.read more
Citations
More filters
Journal ArticleDOI
A systematic review of IP traceback schemes for denial of service attacks
TL;DR: A systematic approach is followed to comprehensively review and categorize 275 works representing existing IP traceback literature, providing an in-depth analysis of different IP trace back approaches, their functional classes and the evaluation metrics.
Efficient trapdoor-based client puzzle system against DoS attacks
TL;DR: In this paper, the Trapdoor-based Client Puzzle System (TCPS) was proposed to solve DoS and DDoS attacks by using the trapdoor algorithm for puzzle distribution, which is provably secure under traditional hard problems in mathematics.
trapdoor-based client puzzle system against DoS attacks
TL;DR: This thesis identifies the underlying weaknesses of existing client puzzles, and proposes a new model for puzzle distribution, called the Trapdoor-based Client Puzzle System (TCPS), which is formally defined along with strict security conditions.
Proceedings ArticleDOI
Countermeasures Against Distributed Denial of Service Attacks
TL;DR: A survey of the current proposed countermeasures against distributed denial of service (DDoS) attacks that give a promising approach to the field and the weaknesses of the above methods which result in the fact that no unified method has been adopted yet.
Book ChapterDOI
Efficient Trapdoor-Based Client Puzzle Against DoS Attacks
TL;DR: It is well known that authentication, integrity, and confidentiality are the most important principles of network security, however, recent reports about a number of prominent Internet service providers that broke down because of malicious attacks urge people to realize that all security principles must be based on service availability.
References
More filters
Internet Protocol, Version 6 (IPv6) Specification
S. Deering,R. Hinden +1 more
TL;DR: In this paper, the authors specify version 6 of the Internet Protocol (IPv6), also referred to as IP Next Generation or IPng, and propose a new protocol called IPng.
Internet Protocol, Version 6 (IPv 6) Specification
TL;DR: This document specifies version 6 of the Internet Protocol (IPv6), also sometimes referred to as IP Next Generation or IPng.
Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing
P. Ferguson,D. Senie +1 more
TL;DR: A simple, effective, and straightforward method for using ingress traffic filtering to prohibit DoS attacks which use forged IP addresses to be propagated from 'behind' an Internet Service Provider's (ISP) aggregation point is discussed.
Proceedings ArticleDOI
Advanced and authenticated marking schemes for IP traceback
Dawn Song,Adrian Perrig +1 more
TL;DR: Two new schemes are presented, the advanced marking scheme and the authenticated marking scheme, which allow the victim to trace-back the approximate origin of spoofed IP packets and provide efficient authentication of routers' markings such that even a compromised router cannot forge or tamper markings from other uncompromised routers.