A more accurate completion condition for attack-graph reconstruction in Probabilistic Packet Marking algorithm
作者: Samant Saurabh , Ashok Singh Sairam
关键词:
摘要: Probabilistic Packet Marking (PPM) is one of the most promising scheme for IP Traceback in case DDoS attack. PPM reconstructs attack graph order to trace back attackers' network. Finding precise completion condition (i.e. number packets required reconstruct graph) very important. Without correct condition, victim might a wrong or incomplete attack-graph. On other extreme if it waits too long (much more than required) collect marked packets, real attacker would get ample time destroy logs, traces and records easily evade detection. Our work gives that guarantees when reconstructed, with high probability. The main contribution our - increases reliability correctness algorithm improves chances exact origin detection instead just tracing results show relying on upper bound expected equation which implicitly accepted as not accurate even upto 37% cases whereas has error rate around 7% minimal increase packets.
sci-hub.se 参考文章(7)
Steven Bellovin, Marcus Leech, Tom Taylor, ICMP Traceback Messages Internet Draft: draft-bellovin-itrace-00. txt. ,(2003) , 10.7916/D8FF406R
Stefan Savage, David Wetherall, Anna Karlin, Tom Anderson, Practical network support for IP traceback acm special interest group on data communication. ,vol. 30, pp. 295- 306 ,(2000) , 10.1145/347057.347560
Samant Saurabh, Ashok Singh Sairam, Linear and Remainder Packet Marking for fast IP traceback communication systems and networks. pp. 1- 8 ,(2012) , 10.1109/COMSNETS.2012.6151318
Kihong Park, Heejo Lee, On the effectiveness of probabilistic packet marking for IP traceback under denial of service attack international conference on computer communications. ,vol. 1, pp. 338- 347 ,(2001) , 10.1109/INFCOM.2001.916716
Hal Burch, None, Tracing Anonymous Packets to Their Approximate Source usenix large installation systems administration conference. pp. 319- 328 ,(2000)
Dawn Xiaodong Song, A. Perrig, Advanced and authenticated marking schemes for IP traceback international conference on computer communications. ,vol. 2, pp. 878- 886 ,(2001) , 10.1109/INFCOM.2001.916279
Hermann Von Schelling, Coupon Collecting for Unequal Probabilities American Mathematical Monthly. ,vol. 61, pp. 306- 311 ,(1954) , 10.1080/00029890.1954.11988466