Mitigating Distributed Denial-of-Service Attack with Deterministic Bit Marking

Authors

  • Yoohwan Kim
  • Ju-Yeon Jo
  • Frank Merat
  • Mei Yang
  • Yingtao Jiang
Abstract

The Distributed Denial-of-Service (DDoS) attack is a serious threat on the Internet, and an effective method is needed to distinguish attack traffic from legitimate traffic. We propose the concept of bit marking to identify and drop attack packets. Bit marking is a variation of the packet marking technique, in which each router modifies the packet header; however, it differs from packet marking in both its process and its purpose. Instead of storing router information in the packet, bit marking alters one or more bits in a marking field at each router. The bit positions for each ingress line card are selected randomly, once, at initialization. Because this marking is applied to every packet, all packets originating from the same location arrive at the destination with a common path signature (PS) in the marking field. Since packets traversing different paths are likely to carry different path signatures, the bit marking process generates a nearly unique path signature per source, roughly emulating the source IP address. The path signature allows easy identification and blocking of DDoS attack traffic. We show that the PS becomes more diverse as the length of the distinct path increases. On both an artificial and a real Internet topology we observe that the sources are uniformly distributed over the path signature space. In our experiments, up to 99.6% of the attack traffic can be blocked using the PS. Deterministic bit marking (DBM) can mitigate most known attack types, such as SYN flooding, reflection attacks and UDP flooding, and it is robust to various attack patterns. DBM can also be extended to source address traceback given the topology information of the participating routers. The method is simpler to implement than probabilistic packet marking (PPM), and only a small number of routers needs to be upgraded; deployment can be done gradually without any impact on non-participating routers.
Keywords: Denial-of-Service Attack, Internet, Network Security

Yoohwan Kim, Ju-Yeon Jo, Frank Merat, Mei Yang, and Yingtao Jiang

School of Computer Science, University of Nevada Las Vegas, NV, 89052-4019, USA. Email: [email protected]
Computer Science Department, California State University Sacramento, CA, 95819-6021, USA. Email: [email protected]
Electrical Engineering and Computer Science Department, Case Western Reserve University, Cleveland, OH, 44106-7071, USA. Email: [email protected]
Department of Electrical and Computer Engineering, University of Nevada Las Vegas, NV, 89052-4019, USA. Email: {meiyang, yingtao}@egr.unlv.edu
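The abstract describes the mechanism only in prose: each participating router picks bit positions per ingress line card once at initialization, alters those bits in every packet, and the victim uses the resulting path signature (PS) as a stand-in for the (possibly spoofed) source address. The following simulation is an added example, not the authors' code, that makes the mechanism concrete and shows the one property a practitioner should check before relying on it: how many legitimate sources collide with an attacker's PS and are dropped as collateral. Everything not stated on the page is an assumption and is labelled as such in the code: a 16-bit marking field, two bit positions per ingress card, "altering" a bit meaning flipping it (XOR), a field that is zero when the packet leaves the source, a constructed tree topology with some routers not yet upgraded, and constructed traffic volumes.

```python
"""Simulation of Deterministic Bit Marking (DBM) path signatures.

Added example; not the paper's code.  Assumptions (not stated on the page):
a 16-bit marking field, two bit positions per ingress line card, XOR as the
bit "alteration", a zero field at the source, and a constructed topology
and traffic mix.
"""
import random
from collections import Counter

MARK_BITS = 16      # assumption: width of the marking field in the header
BITS_PER_CARD = 2   # assumption: positions each ingress card alters


class Router:
    """A router that marks packets.  Each ingress line card draws its bit
    positions once, at initialisation, and reuses them for every packet,
    which is what makes the marking deterministic."""

    def __init__(self, rng=None, participating=True):
        self.rng = rng or random.Random()
        self.participating = participating
        self.card_mask = {}          # ingress neighbour -> fixed mask

    def _mask_for(self, ingress):
        if ingress not in self.card_mask:
            positions = self.rng.sample(range(MARK_BITS), BITS_PER_CARD)
            self.card_mask[ingress] = sum(1 << p for p in positions)
        return self.card_mask[ingress]

    def mark(self, field, ingress):
        """Alter the marking field; a router that has not been upgraded
        (non-participating) forwards the packet untouched."""
        if not self.participating:
            return field
        return field ^ self._mask_for(ingress)


def path_signature(path, routers, initial=0):
    """Carry one packet from path[0] (source) to path[-1] (victim); every
    router on the way marks it on the card the packet arrived on."""
    field = initial
    prev = path[0]
    for hop in path[1:]:
        if hop in routers:
            field = routers[hop].mark(field, prev)
        prev = hop
    return field


def build_tree(rng, depth, fanout, participation=0.8):
    """Constructed topology: a tree rooted at the victim's edge router with
    source hosts at the leaves.  Returns (routers, {source: path})."""
    routers = {"victim": Router(rng)}
    paths = {}

    def grow(node, path, level):
        for i in range(fanout):
            child = f"{node}.{i}"
            if level == depth:
                paths[child] = [child] + path            # leaf = source host
            else:
                routers[child] = Router(rng, rng.random() < participation)
                grow(child, [child] + path, level + 1)

    grow("victim", ["victim"], 1)
    return routers, paths


def dbm_filter(traffic, threshold):
    """Victim-side filter: count packets per path signature and drop every
    signature whose count exceeds the threshold.  Legitimate sources that
    share a signature with an attacker are dropped too, which is why the
    diversity of the signature space matters."""
    counts = Counter(ps for ps, _, _ in traffic)
    blocked = {ps for ps, n in counts.items() if n > threshold}
    kept = [pkt for pkt in traffic if pkt[0] not in blocked]
    return blocked, kept


def simulate(seed=2005, depth=4, fanout=3, attackers=5,
             legit_pkts=5, attack_pkts=200, threshold=50):
    """Build a topology, compute one PS per source, generate constructed
    traffic (a few packets per legitimate source, a flood per attacker),
    filter by PS and report how much of each class survived."""
    rng = random.Random(seed)
    routers, paths = build_tree(rng, depth, fanout)
    sources = sorted(paths)
    signature = {s: path_signature(paths[s], routers) for s in sources}
    bad = set(rng.sample(sources, attackers))
    traffic = []                                 # (ps, source, is_attack)
    for s in sources:
        n = attack_pkts if s in bad else legit_pkts
        traffic += [(signature[s], s, s in bad)] * n
    blocked, kept = dbm_filter(traffic, threshold)
    attack_total = sum(1 for _, _, a in traffic if a)
    legit_total = len(traffic) - attack_total
    attack_kept = sum(1 for _, _, a in kept if a)
    legit_kept = len(kept) - attack_kept
    return {
        "sources": len(sources),
        "distinct_signatures": len(set(signature.values())),
        "blocked_signatures": len(blocked),
        "attack_blocked": 1 - attack_kept / attack_total,
        "legit_dropped": 1 - legit_kept / legit_total,
    }


if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key}: {value}")
```

Because every attacker's PS bucket carries far more packets than the threshold, all attack packets are dropped; the figure worth watching is `legit_dropped`, which is non-zero whenever a legitimate source's path maps to the same signature as an attacker's. Raising `depth` (longer distinct paths) or `BITS_PER_CARD` spreads sources over more of the signature space, which is the diversity property the abstract claims. Note that with XOR marking the final signature is `initial XOR path_mask`, so a source that can set the field before the first participating router shifts its own signature; the simulation keeps `initial` at zero and does not model that.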


Similar sources

Defeating distributed denial-of-service attack with deterministic bit marking

The Distributed Denial-of-Service (DDoS) attack is a serious threat on the Internet. We propose a bit marking concept to identify and drop DDoS attack packets. Bit marking is a variation of the packet marking technique that modifies packet headers at each router. However, instead of storing router information in the packets, bit marking alters one or more bits in the marking field. The bit marking process d...


Traceback of DoS over Autonomous Systems

Denial of service (DoS) is a significant security threat in open networks such as the Internet. The existing limitations of the Internet protocols and the common availability of attack tools make a DoS attack both effective and easy to launch. There are many different forms of DoS attack, and the attack size can be amplified from a single attacker to a distributed attack such as a distributed denial of ...


A Review of Packet Marking IP Traceback Schemes

Today, the Internet has become the primary means of communication in networks, and attacks on its infrastructure pose a great challenge to its expansion. The Distributed Denial of Service attack is a serious security threat encountered during the past decade. The attacker's goal is to spoof the source IP address to hide its origin. Various IP traceback schemes such as Probabilistic Packet Mark...


On Mitigating Distributed Denial of Service Attacks



Neural Network Based Protection of Software Defined Network Controller against Distributed Denial of Service Attacks

Software Defined Networking (SDN) is a new architecture for network management. Its main concept is to centralize network management in the control plane, which has an overview of the network and determines the forwarding rules for the switches and routers of the data plane. Although this centralized control is the main advantage of SDN, it is also a single point of failure. If this main contro...



Journal title:

Volume / Issue:

Pages:

Publication date: 2005