A novel path-based approach for single-packet IP traceback

Authors

  • Ning Lu,

    1. State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications
    2. School of Computer and Communication Engineering, Northeastern University at Qinhuangdao
  • Yulong Wang,

    1. State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications
  • Sen Su,

    Corresponding author
    1. State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications
    • Correspondence: Prof. Sen Su, 187#, Beijing University of Posts and Telecommunications, State Key Laboratory of Networking and Switching Technology, 10 Xi Tu Cheng Rd., Beijing, China.

      E-mail: susen@bupt.edu.cn

  • Fangchun Yang

    1. State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications

  • Some preliminary results of this paper were published in 20th Euromicro International Conference on Parallel, Distributed and Network-Based Processing, Munich, Germany, 15–17 February 2012 [1]. In this paper, we have made the following improvements: firstly, we design a complete system and provide its detailed implementations; secondly, besides the storage overhead and traceback process overhead, we also conduct performance analysis in terms of the traceback accuracy and audit trail table access time; thirdly, to back up the analytic results, we carry out extensive simulations based on synthetic and real network topology.

Abstract

Denial-of-Service attacks continue to plague the Internet. Tracing an individual attack packet to its origin is an important step in defending against these attacks. For this reason, researchers have proposed several approaches for single-packet IP traceback. Packet logging is a generic technique in these methods, and it results in high overhead at routers and low traceback accuracy. In this paper, we propose a novel path-based approach for single-packet IP traceback. Instead of packet logging, our approach uses the routing paths to set up traceback paths, improving single-packet IP traceback in several dimensions: (i) our storage overhead is related only to the number of routing paths, no matter how many packets traverse them; (ii) the number of routers queried during the traceback process is related only to the number of hops in the attack path; (iii) the false positives in attack-path construction can be negligible. We perform extensive mathematical analysis and simulations to evaluate our approach. The results show that our approach represents a step forward in precision and efficiency compared with previous work. Copyright © 2013 John Wiley & Sons, Ltd.
