Advanced Search
CS Search Google Search
Subscribers, please login

Published Articles >> Table of Contents >> Abstract

2004 IEEE Symposium on Security and Privacy   p. 115
Large-Scale IP Traceback in High-Speed Internet: Practical Techniques and Theoretical Foundation
Jun Li, Georgia Institute of Technology
Minho Sung, Georgia Institute of Technology
Jun (Jim) Xu, Georgia Institute of Technology
Li (Erran) Li, Lucent Technologies
Full Article Text: Download PDF of full textBuy this articleGet full text from IEEE Xplore

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SECPRI.2004.1301319
Send link to a friend

Abstract
Tracing attack packets to their sources, known as IP traceback, is an important step to counter distributed denial-of-service (DDoS) attacks. In this paper, we propose a novel packet logging based (i.e., hash-based) traceback scheme that requires an order of magnitude smaller processing and storage cost than the hash-based scheme proposed by Snoeren et al. [Hash-based IP traceback, in Proc. ACM SIGCOMM], thereby being able to scalable to much higher link speed (e.g., OC-768). The baseline idea of our approach is to sample and log a small percentage (e.g., 3.3%) of packets. The challenge of this low sampling rate is that much more sophisticated techniques need to be used for traceback. Our solution is to construct the attack tree using the correlation between the attack packets sampled by neighboring routers. The scheme using naive independent random sampling does not perform well due to the low correlation between the packets sampled by neighboring routers. We invent a sampling scheme that improves this correlation and the overall efficiency significantly. Another major contribution of this work is that we introduce a novel information-theoretic framework for our traceback scheme to answer important questions on system parameter tuning and the fundamental trade-off between the resource used for traceback and the traceback accuracy. Simulation results based on real-world network topologies (e.g. Skitter) match very well with results from the information-theoretic analysis. The simulation results also demonstrate that our traceback scheme can achieve high accuracy, and scale very well to a large number of attackers (e.g., 5000+).
Additional Information

Citation:  Jun Li, Minho Sung, Jun (Jim) Xu, Li (Erran) Li, "Large-Scale IP Traceback in High-Speed Internet: Practical Techniques and Theoretical Foundation," sp, p. 115,  2004 IEEE Symposium on Security and Privacy,  2004

Similar Articles

Abstract Contents
Abstract
Citation

Download Citation
Ascii Text
BibTex
RefWorks
Procite/RefMan/Endnote




Free access to

  • Abstracts
  • Selected PDFs

Electronic subscribers login to:

  • Access HTML/PDFs of full text articles

Subscription information

Get a Web account

Peer Review Notice

Give us Feedback