W. Liu, H.-X. Duan, Y. Feng, Y.-B. Li, and P. Ren (PRC)
IDS; IP Traceback; XOR; Edge Sampling
This paper describes a technique for tracing anonymous packet flooding attacks in the Internet back towards their source. We first analyze the limitation of Edge Sampling Algorithm (ESA) [1], then present a new scheme IESA for providing traceback information in IP packets, which marking the packet with a dynamic marking probability to ensure that the victim receives all the marked packets with equal probability. This scheme can reduce greatly the possibility that a marked packet further away from victim is remarked by the router nearer to the victim, hence greatly reduces the number of packets needed to reconstruct the attack path, and therefore greatly reduces the reconstruction time.
Important Links:
Go Back