An algebraic approach to IP traceback

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback
Take a look at the new version of this page: [ beta version ]. Tell us what you think.

An algebraic approach to IP traceback

Full text

Pdf (221 KB)

Source

ACM Transactions on Information and System Security (TISSEC) archive
Volume 5 , Issue 2 (May 2002) table of contents

Pages: 119 - 137

Year of Publication: 2002

ISSN:1094-9224

Authors

Drew Dean	SRI International, Mento Park, CA
Matt Franklin	U.C. Davis, Davis, CA
Adam Stubblefield	Rice University, Houston, TX

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 10, Downloads (12 Months): 78, Citation Count: 26

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/505586.505588 What is a DOI?

ABSTRACT

We present a new solution to the problem of determining the path a packet traversed over the Internet (called the traceback problem) during a denial-of-service attack. This article reframes the traceback problem as a polynomial reconstruction problem and uses algebraic techniques from coding theory and learning theory to provide robust methods of transmission and reconstruction.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Almquist, P. 1992. Type of service in the internet protocol suite. RFC 1349.
	2	Ar, S., Lipton, R. J., Rubinfeld, R., and Sudan, M. 1992. Reconstructing algebraic functions from mixed data. In Proceedings of the 33rd Annual Symposium on Foundations of Computer Science (Pittsburgh, Oct. 24--27), IEEE, Los Alamitos, Calif., 503--512.
	3	Bellovin, S. M. 2000a. Personal communications.
	4	Bellovin, S. M. 2000b. ICMP traceback messages. Available at http://www.research.att.com/~smb/papers/draft-bellovin-itrace-00.txt.
	5	Berlekamp, E. and Welch, L. 1986. Error correction of algebraic block codes. US Patent 4,490,811.
	6	Berlekamp, E. R. 1984. Algebraic Coding Theory. Aegean Park Press.
	7	Bleichenbacher and Nguyen. 2000. Noisy polynomial interpolation and noisy Chinese remaindering. In Advances in Cryptology---Eurocrypt 2000, Springer-Verlag, New York.
	8	Hal Burch, Tracing Anonymous Packets to Their Approximate Source, Proceedings of the 14th USENIX conference on System administration, December 03-08, 2000, New Orleans, Louisiana
	9	Computer Emergency Response Team. 1999. CERT coordination center denial of service attacks. Available at http://www.cert.org/tech_tips/denial_of_service.html.
	10	Deering, S. and Hinden, R. 1998. Internet protocol, version 6 (IPv6) specification. RFC 2460.
	11	Dittrich, D. 1999a. The "Stacheldraht" distributed denial of service attack tool. Available at http://staff.washington.edu/dittrich/misc/stacheldraht.analysis.txt.
	12	Dittrich, D. 1999b. The "Tribe Flood Network" distributed denial of service attack tool. Available at http://staff.washington.edu/dittrich/misc/tfn.analysis.
	13	Thomas W. Doeppner , Philip N. Klein , Andrew Koyfman, Using router stamping to identify the source of IP packets, Proceedings of the 7th ACM conference on Computer and communications security, p.184-189, November 01-04, 2000, Athens, Greece [doi>10.1145/352600.352627]
	14	Ferguson, P. and Senie, D. 1998. Network ingress filtering: Defeating denial of service attacks which employ IP source address spoofing. RFC 2267. Available at http://www.ietf.org/rfc/rfc2267.txt.
	15	Guruswami, V. and Sudan, M. 1999. Improved decoding of Reed--Solomon and algebraic-geometric codes. IEEE Trans. Inf. Theor. 45, 1757--1767.
	16	Kent, S. and Atkinson, R. 1998a. IP authentication header. RFC 2402, Available at http://www.ietf.org/rfc/rfc2402.txt.
	17	Kent, S. and Atkinson, R. 1998b. IP encapsulating security payload (ESP). RFC 2406, Available at http://www.ietf.org/rfc/rfc2406.txt.
	18	Donald E. Knuth, The art of computer programming, volume 2 (3rd ed.): seminumerical algorithms, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1997
	19	Lee, H. and Park, K. 2001. On the effectiveness of probabilistic packet marking for IP traceback under denial of service attack. In Proceedings of IEEE INFOCOM 2001 (Anchorage, April), IEEE, Los Alamitos, Calif.
	20	Nichols, K., Blake, S., Baker, F., and Black, D. 1998. Definition of the differentiated services field (DS field) in the IPv4 and IPv6 headers. RFC 2474.
	21	Vadim Olshevsky , M. Amin Shokrollahi, A displacement approach to efficient decoding of algebraic-geometric codes, Proceedings of the thirty-first annual ACM symposium on Theory of computing, p.235-244, May 01-04, 1999, Atlanta, Georgia, United States [doi>10.1145/301250.301311]
	22	William H. Press , Saul A. Teukolsky , William T. Vetterling , Brian P. Flannery, Numerical recipes in FORTRAN (2nd ed.): the art of scientific computing, Cambridge University Press, New York, NY, 1992
	23	Ramakrishnan, K. and Floyd, S. 1999. A proposal to add explicit congestion notification (ECN) to IP. RFC 2481.
	24	Stefan Savage , David Wetherall , Anna Karlin , Tom Anderson, Practical network support for IP traceback, Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication, p.295-306, August 28-September 01, 2000, Stockholm, Sweden
	25	Song, D. and Perrig, A. 2000. Advanced and authenticated marking schemes for IP traceback. Tech. Rep. UCB/CSD-00-1107 (June), University of California, Berkeley.
	26	Ion Stoica , Hui Zhang, Providing guaranteed services without per flow management, Proceedings of the conference on Applications, technologies, architectures, and protocols for computer communication, p.81-94, August 30-September 03, 1999, Cambridge, Massachusetts, United States
	27	Madhu Sudan, Algorithmic Issues in Coding Theory, Proceedings of the 17th Conference on Foundations of Software Technology and Theoretical Computer Science, p.184-199, December 18-20, 1997
	28	Madhu Sudan, Decoding of Reed Solomon codes beyond the error-correction bound, Journal of Complexity, v.13 n.1, p.180-193, March 1997 [doi>10.1006/jcom.1997.0439]

CITED BY 26

	Haining Wang , Danlu Zhang , Kang G. Shin, Change-Point Monitoring for the Detection of DoS Attacks, IEEE Transactions on Dependable and Secure Computing, v.1 n.4, p.193-208, October 2004
	Hassan Aljifri, IP Traceback: A New Denial-of-Service Deterrent?, IEEE Security and Privacy, v.1 n.3, p.24-31, May 2003
	Karthik Lakshminarayanan , Daniel Adkins , Adrian Perrig , Ion Stoica, Taming IP packet flooding attacks, ACM SIGCOMM Computer Communication Review, v.34 n.1, January 2004
	Christos Douligeris , Aikaterini Mitrokotsa, DDoS attacks and defense mechanisms: classification and state-of-the-art, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.44 n.5, p.643-666, 5 April 2004
	Florian P. Buchholz , Clay Shields, Providing process origin information to aid in computer forensic investigations, Journal of Computer Security, v.12 n.5, p.753-776, September 2004
	Katerina Argyraki , David R. Cheriton, Loose source routing as a mechanism for traffic policies, Proceedings of the ACM SIGCOMM workshop on Future directions in network architecture, August 30-30, 2004, Portland, Oregon, USA
	Brent Waters , Ari Juels , J. Alex Halderman , Edward W. Felten, New client puzzle outsourcing techniques for DoS resistance, Proceedings of the 11th ACM conference on Computer and communications security, October 25-29, 2004, Washington DC, USA
	Christos Siaterlis , Vasilis Maglaris, One step ahead to multisensor data fusion for DDoS detection, Journal of Computer Security, v.13 n.5, p.779-806, October 2005
	Sherif Khattab , Rami Melhem , Daniel Mossé , Taieb Znati, Honeypot back-propagation for mitigating spoofing distributed Denial-of-Service attacks, Journal of Parallel and Distributed Computing, v.66 n.9, p.1152-1164, September 2006
	Andrey Belenky , Nirwan Ansari, On deterministic packet marking, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.51 n.10, p.2677-2700, July, 2007
	Zhiqiang Gao , Nirwan Ansari, A practical and robust inter-domain marking scheme for IP traceback, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.51 n.3, p.732-750, February, 2007
	David G. Andersen, Mayday: distributed filtering for internet services, Proceedings of the 4th conference on USENIX Symposium on Internet Technologies and Systems, p.3-3, March 26-28, 2003, Seattle, WA
	Hikmat Farhat, Protecting TCP services from denial of service attacks, Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense, p.155-160, September 11-15, 2006, Pisa, Italy
	Craig A. Shue , Minaxi Gupta , Matthew P. Davy, Packet forwarding with source verification, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.52 n.8, p.1567-1582, June, 2008
	Bin Xiao , Wei Chen , Yanxiang He, An autonomous defense against SYN flooding attacks: Detect and throttle attacks at the victim side independently, Journal of Parallel and Distributed Computing, v.68 n.4, p.456-470, April, 2008
	Gu Hsin Lai , Chia-Mei Chen , Bing-Chiang Jeng , Willams Chao, Ant-based IP traceback, Expert Systems with Applications: An International Journal, v.34 n.4, p.3071-3080, May, 2008
	Liming Lu , Mun Choon Chan , Ee-Chien Chang, A general model of probabilistic packet marking for IP traceback, Proceedings of the 2008 ACM symposium on Information, computer and communications security, March 18-20, 2008, Tokyo, Japan
	Jun Li , Jelena Mirkovic , Toby Ehrenkranz , Mengqiu Wang , Peter Reiher , Lixia Zhang, Learning the valid incoming direction of IP packets, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.52 n.2, p.399-417, February, 2008
	Jianping Pan , Lin Cai , Xuemin Sherman Shen, Vulnerabilities in distance-indexed IP traceback schemes, International Journal of Security and Networks, v.2 n.1/2, p.81-94, March 2007
	Ihab Hamadeh , George Kesidis, A taxonomy of internet traceback, International Journal of Security and Networks, v.1 n.1/2, p.54-61, September 2006
	Ruiliang Chen , Jung-Min Park , Randolph Marchany, A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks, IEEE Transactions on Parallel and Distributed Systems, v.18 n.5, p.577-588, May 2007
	Toby Ehrenkranz , Jun Li, On the state of IP spoofing defense, ACM Transactions on Internet Technology (TOIT), v.9 n.2, p.1-29, May 2009
	Tao Peng , Christopher Leckie , Kotagiri Ramamohanarao, Survey of network-based defense mechanisms countering the DoS and DDoS problems, ACM Computing Surveys (CSUR), v.39 n.1, p.3-es, 2007
	Slim Rekhis , Noureddine A. Boudriga, Visibility: a novel concept for characterising provable network digital evidences, International Journal of Security and Networks, v.4 n.4, p.234-245, September 2009
	Wei-Tsung Su , Yi-Hsun Chuang , Zong-Bing Wu , Yau-Hwang Kuo, A table-driven approach for IP traceback based on network statistic analysis, Proceedings of the 11th international conference on Advanced Communication Technology, p.1633-1637, February 15-18, 2009, Gangwon-Do, South Korea
	Wei-Tsung Su , Yi-Hsun Chuang , Zong-Bing Wu , Yau-Hwang Kuo, A table-driven approach for IP traceback based on network statistic analysis, Proceedings of the 11th international conference on Advanced Communication Technology, p.1633-1637, February 15-18, 2009, Gangwon-Do, South Korea