ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Evaluating the partial deployment of an AS-level IP traceback system
Full text PdfPdf (2.72 MB)
Source Symposium on Applied Computing archive
Proceedings of the 2008 ACM symposium on Applied computing table of contents
Fortaleza, Ceara, Brazil
SESSION: Computer networks table of contents
Pages 2069-2073  
Year of Publication: 2008
ISBN:978-1-59593-753-7
Authors
André O. Castelucio  Military Institute of Engineering, Rio de Janeiro - RJ - Brazil
Ronaldo M. Salles  Military Institute of Engineering, Rio de Janeiro - RJ - Brazil
Artur Ziviani  National Laboratory for Scientific Computing, Petrópolis - RJ - Brazil
Sponsor
SIGAPP: ACM Special Interest Group on Applied Computing
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 9,   Downloads (12 Months): 70,   Citation Count: 1
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1363686.1364186
What is a DOI?

ABSTRACT

Distributed Denial of Service (DDoS) attacks currently represent a serious threat to the appropriate operation of Internet services. We propose an IP traceback system to be deployed at the level of Autonomous Systems (ASes) to deal with this threat. Our proposed AS-level IP traceback system contrasts with previous work as it requires a priori no knowledge of the network topology while allowing single packet traceback and incremental deployment. We also investigate and evaluate the strategic placement of our systems, showing that the partial deployment offered by our proposed system provides relevant results in IP traceback, rendering it feasible for large-scale networks such as the Internet.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Network simulator. http://www.isi.edu/nsnam/ns.
 
2
S. Agarwal and T. G. Griffin. BGP Proxy Community Community. IETF Internet Draft, January 2004.
 
3
R. Albert and A.-L. Barabasi. Topology of evolving networks: local events and universality. Physical Review Letters, 85:5234, 2000.
 
4
Hassan Aljifri, IP Traceback: A New Denial-of-Service Deterrent?, IEEE Security and Privacy, v.1 n.3, p.24-31, May 2003  [doi>10.1109/MSECP.2003.1203219]
 
5
A. Belenky and N. Ansari. On IP traceback. IEEE Communications Magazine, 41(7), jul 2003.
 
6
S. Bellovin, M. Leech, and T. Taylor. ICMP Traceback messages. IETF Internet Draft, February 2003.
7
Burton H. Bloom, Space/time trade-offs in hash coding with allowable errors, Communications of the ACM, v.13 n.7, p.422-426, July 1970  [doi>10.1145/362686.362692]
 
8
CERT - Computer Emergency Response Team. CERT Advisory CA-1996-21 TCP SYN flooding and IP spoofing attacks. Technical report, CERT, 1996.
 
9
R. Chandra, P. Traina, and T. Li. BGP Communities Attribute, Aug. 1996.
 
10
E. Chen and T. Bates. An Application of the BGP Community Attribute in Multi-home Routing, Aug. 1996.
 
11
Computer Emergency Response Team. CSI/FBI - Computer Crime and Security Survey. Computer Security Institute 2006.
 
12
X. Dimitropoulos, P. Verkaik, and G. Riley. BGP++ http://www.ece.gatech.edu/research/labs/MANIACS/BGP++, 2006.
 
13
A. Durresi, V. Paruchnri, L. Barolli, R. Kannan, and S. S. lyengar. Efficient and secure autonomous system based traceback. Journal of Interconnection Networks, 5(2):151--164, 2004.
14
Michalis Faloutsos , Petros Faloutsos , Christos Faloutsos, On power-law relationships of the Internet topology, Proceedings of the conference on Applications, technologies, architectures, and protocols for computer communication, p.251-262, August 30-September 03, 1999, Cambridge, Massachusetts, United States
 
15
G. Huston. NOPEER Community for Border Gateway Protocol (BGP) Route Scope Control, Apr. 2004.
 
16
Internet Security Systems. Distributed denial of service attack tools. Technical report, ISS, 2000.
 
17
Turgay Korkmaz , Chao Gong , Kamil Sarac , Sandra G. Dykes, Single packet IP traceback in AS-level partial deployment scenario, International Journal of Security and Networks, v.2 n.1/2, p.95-108, March 2007  [doi>10.1504/IJSN.2007.012828]
18
Balachander Krishnamurthy, Mohonk: mobile honeypots to trace unwanted traffic early, Proceedings of the ACM SIGCOMM workshop on Network troubleshooting: research, theory and operations practice meet malfunctioning reality, September 03-03, 2004, Portland, Oregon, USA  [doi>10.1145/1016687.1016696]
 
19
Rafael P. Laufer , Pedro B. Velloso , Daniel de O. Cunha , Igor M. Moraes , Marco D. D. Bicudo , Marcelo D. D. Moreira , Otto Carlos M. B. Duarte, Towards Stateless Single-Packet IP Traceback, Proceedings of the 32nd IEEE Conference on Local Computer Networks, p.548-555, October 15-18, 2007  [doi>10.1109/LCN.2007.160]
 
20
R. P. Laufer, P. B. Velloso, and O. C. M. B. Duarte. Generalized bloom filters, gta-05-43. Technical report, COPPE/UFRJ, September 2005.
 
21
D. Magoni. Network manipulator. https://dpt-info.u-strasbg.fr/magoni/nem, 2002.
22
Alberto Medina , Ibrahim Matta , John Byers, On the origin of power laws in Internet topologies, ACM SIGCOMM Computer Communication Review, v.30 n.2, April 2000  [doi>10.1145/505680.505683]
23
Jelena Mirkovic , Peter Reiher, A taxonomy of DDoS attack and DDoS defense mechanisms, ACM SIGCOMM Computer Communication Review, v.34 n.2, April 2004  [doi>10.1145/997150.997156]
24
David Moore , Colleen Shannon , Douglas J. Brown , Geoffrey M. Voelker , Stefan Savage, Inferring Internet denial-of-service activity, ACM Transactions on Computer Systems (TOCS), v.24 n.2, p.115-139, May 2006  [doi>10.1145/1132026.1132027]
 
25
E. Rosen and Y. Rekhter. BGP/MPLS IP Virtual Private Networks (VPNs), Feb. 2006. Updated by RFCs 4577, 4684.
26
Stefan Savage , David Wetherall , Anna Karlin , Tom Anderson, Practical network support for IP traceback, Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication, p.295-306, August 28-September 01, 2000, Stockholm, Sweden
 
27
Alex C. Snoeren , Craig Partridge , Luis A. Sanchez , Christine E. Jones , Fabrice Tchakountio , Beverly Schwartz , Stephen T. Kent , W. Timothy Strayer, Single-packet IP traceback, IEEE/ACM Transactions on Networking (TON), v.10 n.6, p.721-734, December 2002  [doi>10.1109/TNET.2002.804827]

CITED BY
André O. Castelucio , Ronaldo M. Salles , Artur Ziviani, An AS-level IP traceback system, Proceedings of the 2007 ACM CoNEXT conference, December 10-13, 2007, New York, New York

INDEX TERMS

Primary Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS
      C.2.0 General

Additional Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS
      C.2.3 Network Operations


General Terms:
Management, Security


Keywords:
AS-level packet traceback, IP traceback, denial of service

Collaborative Colleagues:
André O. Castelucio: colleagues
Ronaldo M. Salles: colleagues
Artur Ziviani: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player