You Can Run, But You Can't Hide: An Effective Methodology to Traceback DDoS Attackers
Authors
Abstract
With the increasing sophistication and severity of DDoS attacks, it is important for a victim site to quickly identify the potential attackers and eliminate their traffic. Our work is based on the probabilistic marking algorithm by Savage [12], in which an attack graph can be constructed by a victim site. We extend the concept further such that we can deduce the local traffic rate of each router in the attack graph based on the received marked packets. Given the intensities of these local traffic rates, we can prevent these attackers from sending a high volume of traffic to a victim site. More importantly, we propose a theoretical method to determine the minimum stable time tmin, which is the minimum time it takes to accurately determine the local traffic rate of every participating router in the attack graph.
Similar resources
DDoS: Survey of Traceback Methods
The problem of identifying Distributed Denial of Service (DDoS) is one of the hardest threats in Internet security. It is important to protect the resource and trace from the Denial of Service (DoS) attack, but it is difficult to distinguish between normal traffic and DoS attack traffic because the DoS generally hide their identities/origins. Especially the attackers often use incorrect or spoofed ...
An Efficient IP Traceback mechanism for the NGN based on IPv6 Protocol
Protecting against DoS or DDoS attacks can be regarded as one of the most difficult problems on the Internet today. One solution to thwart these attacks is to trace the source of the attacks. However, it is not easy to trace since the attackers usually use spoofed IP source addresses to hide their network location. The key problem includes how to identify the “real” sources of the atta...
An Efficient Distributed Algorithm to Identify and Traceback DDoS Traffic
Distributed denial-of-service attack is one of the most pressing security problems that the Internet community needs to address. Two major requirements for effective traceback are (i) to quickly and accurately locate potential attackers and (ii) to filter attack packets so that a host can resume the normal service to legitimate clients. Most of the existing IP traceback techniques focus on trac...
Tracing Anonymous Mobile Attackers in Wireless Network
In a flooding-based distributed denial-of-service (DDoS) attack, an adversary attempts to exhaust a target’s computing resource. To detect DDoS attacks in a network environment, IP traceback methods are deployed to determine the origin of attack packets. With the increase in bandwidth of wireless networks, attackers may choose this medium from which to launch attacks. However, tracing the attac...
Traceback of Ddos Attacks Using Entropy Variations
Distributed Denial-of-Service (DDoS) attacks are a critical threat to the Internet which deny normal service and degrade quality of service. However, network security mechanisms do not have effective and efficient methods to trace back the source of these attacks. In this paper, I propose a novel traceback method for DDoS attacks that is based on entropy variations between normal and DDoS...