ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Tradeoffs in probabilistic packet marking for IP traceback
Full text PdfPdf (318 KB)
Source Annual ACM Symposium on Theory of Computing archive
Proceedings of the thiry-fourth annual ACM symposium on Theory of computing table of contents
Montreal, Quebec, Canada
SESSION: Session 7B table of contents
Pages: 407 - 418  
Year of Publication: 2002
ISBN:1-58113-495-9
Author
Micah Adler  University of Massachusetts, Amherst, MA
Sponsor
SIGACT: ACM Special Interest Group on Algorithms and Computation Theory
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 7,   Downloads (12 Months): 26,   Citation Count: 15
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/509907.509969
What is a DOI?

ABSTRACT

There has been considerable recent interest in probabilistic packet marking schemes for the problem of tracing a sequence of network packets back to an anonymous source. An important consideration for such schemes is the number of packet header bits that need to be allocated to the marking protocol. Let b denote this value. All previous schemes belong to a class of protocols for which b must be at least log n, where n is the number of bits used to represent the path of the packets. In this paper, we introduce a new marking technique for tracing a sequence of packets sent along the same path. This new technique is effective even when b=1. In other words, the sequence of packets can be traced back to their source using only a single bit in the packet header. With this scheme, the number of packets required to reconstruct the path is O(22n), but we also show that ω(2n) packets are required for any protocol where b=1. We also study the tradeoff between b and the number of packets required. We provide a protocol and a lower bound that together demonstrate that for the optimal protocol, the number of packets required (roughly) increases exponentially with n, but decreases doubly exponentially with b. The protocol we introduce is simple enough to be useful in practice. We also study the case where the packets are sent along k different paths. For this case, we demonstrate that any protocol must use at least log(2k—1) header bits. We also provide a protocol that requires ⌈log(2k+1)⌉ header bits in some restricted scenarios. This protocol introduces a new coding technique that may be of independent interest.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
M. Adler, Tradeoffs in Probabilistic Packet Marking for IP Traceback TITLE2:, University of Massachusetts, Amherst, MA, 2001
 
2
Sigal Ar, Richard Lipton, Ronitt Rubinfeld, and Madhu Sudan, Reconstructing Algebraic Functions from Mixed Data. In Proc. of 33rd Annual Symposium on Foundations of Computer Science, pp. 503--512, October 1992.
 
3
S. M. Bellovin, ICMP Traceback Messages. Internet Draft: draft-bellovin-itrace-00.txt, Mar. 2000.
 
4
Hal Burch, Tracing Anonymous Packets to Their Approximate Source, Proceedings of the 14th USENIX conference on System administration, December 03-08, 2000, New Orleans, Louisiana
 
5
Sven Dietrich , Neil Long , David Dittrich, Analyzing Distributed Denial of Service Tools: The Shaft Case, Proceedings of the 14th USENIX conference on System administration, December 03-08, 2000, New Orleans, Louisiana
 
6
Drew Dean, Matt Franklin, and Adam Stubblefield, An Algebraic Approach to IP Traceback. In Proc. 2001 Network and Distributed System Security Symposium.
7
Thomas W. Doeppner , Philip N. Klein , Andrew Koyfman, Using router stamping to identify the source of IP packets, Proceedings of the 7th ACM conference on Computer and communications security, p.184-189, November 01-04, 2000, Athens, Greece  [doi>10.1145/352600.352627]
 
8
P. Ferguson and D. Senie, RFC 2267: Network Ingress Filetring: Defeating Denial of Service Attacks which employ IP Source Address Spoofing. The Internet Society, 1998.
 
9
Sally Floyd , Van Jacobson, Random early detection gateways for congestion avoidance, IEEE/ACM Transactions on Networking (TON), v.1 n.4, p.397-413, Aug. 1993  [doi>10.1109/90.251892]
 
10
S. Lee and C. Shields, Tracing the Source of Network Attack: A Technical, Legal and Societal Problem. In Proceedings of the 2001 IEEE Workshop on Information Assurance and Security , June 2001.
 
11
Rajeev Motwani , Prabhakar Raghavan, Randomized algorithms, Cambridge University Press, New York, NY, 1995
 
12
K. Park and H. Lee. On the effectiveness of probabilistic packet marking for IP traceback under denial of service attack. In Proc. IEEE INFOCOM '01, pp. 338--347, 2001.
13
Kihong Park , Heejo Lee, On the effectiveness of route-based packet filtering for distributed DoS attack prevention in power-law internets, Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications, p.15-26, August 2001, San Diego, California, United States
 
14
C. Perkins, IP Mobility Support. RFC 2002, Oct. 1996.
15
Luigi Rizzo, Effective erasure codes for reliable computer communication protocols, ACM SIGCOMM Computer Communication Review, v.27 n.2, p.24-36, Apr. 1997  [doi>10.1145/263876.263881]
16
Stefan Savage , David Wetherall , Anna Karlin , Tom Anderson, Practical network support for IP traceback, Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication, p.295-306, August 28-September 01, 2000, Stockholm, Sweden
17
Alex C. Snoeren, Hash-based IP traceback, Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications, p.3-14, August 2001, San Diego, California, United States
 
18
Dawn X. Song and Adrian Perrig, Advanced and authenticated marking schemes for IP traceback, In Proc. IEEE INFOCOM '01, 2001.

CITED BY  15
Brian Carrier , Clay Shields, The session token protocol for forensics and traceback, ACM Transactions on Information and System Security (TISSEC), v.7 n.3, p.333-362, August 2004
Hassan Aljifri, IP Traceback: A New Denial-of-Service Deterrent?, IEEE Security and Privacy, v.1 n.3, p.24-31, May 2003
Arnold L. Rosenberg, Accountable Web-Computing, IEEE Transactions on Parallel and Distributed Systems, v.14 n.2, p.97-106, February 2003
Christos Douligeris , Aikaterini Mitrokotsa, DDoS attacks and defense mechanisms: classification and state-of-the-art, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.44 n.5, p.643-666, 5 April 2004
Florian P. Buchholz , Clay Shields, Providing process origin information to aid in computer forensic investigations, Journal of Computer Security, v.12 n.5, p.753-776, September 2004
XiaoFeng Wang , Michael K. Reiter, Mitigating bandwidth-exhaustion attacks using congestion puzzles, Proceedings of the 11th ACM conference on Computer and communications security, October 25-29, 2004, Washington DC, USA
Micah Adler , Jeff Edmonds , Jivri Matousek, Towards asymptotic optimality in probabilistic packet marking, Proceedings of the thirty-seventh annual ACM symposium on Theory of computing, May 22-24, 2005, Baltimore, MD, USA
Brent Waters , Ari Juels , J. Alex Halderman , Edward W. Felten, New client puzzle outsourcing techniques for DoS resistance, Proceedings of the 11th ACM conference on Computer and communications security, October 25-29, 2004, Washington DC, USA
Michael T. Goodrich, Efficient packet marking for large-scale IP traceback, Proceedings of the 9th ACM conference on Computer and communications security, November 18-22, 2002, Washington, DC, USA
Miao Ma, Tabu marking scheme to speedup IP traceback, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.50 n.18, p.3536-3549, 21 December 2006
Zhiqiang Gao , Nirwan Ansari, A practical and robust inter-domain marking scheme for IP traceback, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.51 n.3, p.732-750, February, 2007
Liming Lu , Mun Choon Chan , Ee-Chien Chang, A general model of probabilistic packet marking for IP traceback, Proceedings of the 2008 ACM symposium on Information, computer and communications security, March 18-20, 2008, Tokyo, Japan
Jianping Pan , Lin Cai , Xuemin Sherman Shen, Vulnerabilities in distance-indexed IP traceback schemes, International Journal of Security and Networks, v.2 n.1/2, p.81-94, March 2007
Ihab Hamadeh , George Kesidis, A taxonomy of internet traceback, International Journal of Security and Networks, v.1 n.1/2, p.54-61, September 2006
Kamel H. Rahouma , Khalid S. Nasr, Design of the host guard firewall for network protection, Proceedings of the 7th WSEAS international conference on Information security and privacy, p.61-72, December 29-31, 2008, Cairo, Egypt

INDEX TERMS

Primary Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS
      C.2.2 Network Protocols

          Nouns: IP

Additional Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS
      C.2.1 Network Architecture and Design
          Subjects: Packet-switching networks

  F. Theory of Computation
  F.1 COMPUTATION BY ABSTRACT DEVICES
      F.1.2 Modes of Computation
          Subjects: Probabilistic computation


General Terms:
Design, Experimentation, Performance, Theory

Collaborative Colleagues:
Micah Adler: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player