SlideShare a Scribd company logo

AN EFFICIENT IP TRACEBACK THROUGH PACKET MARKING ALGORITHM

IJNSA Journal
IJNSA Journal

Denial-of-service (DoS) attacks pose an increasing threat to today’s Internet. One major difficulty to defend against Distributed Denial-of-service attack is that attackers often use fake, or spoofed IP addresses as the IP source address. Probabilistic packet marking algorithm (PPM), allows the victim to trace back the appropriate origin of spoofed IP source address to disguise the true origin. In this paper we propose a technique that efficiently encodes the packets than the Savage probabilistic packet marking algorithm and reconstruction of the attack graph. This enhances the reliability of the probabilistic packet marking algorithm.

Engineering
1 of 11
Download to read offline
International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010 DOI : 10.5121/ijnsa.2010.2309 132 AN EFFICIENT IP TRACEBACK THROUGH PACKET MARKING ALGORITHM Y.Bhavani P.Niranjan Reddy Asst.Professor Asst. Professor and Head yerram.bh@gmail.com npolala@yahoo.co.in Department of Computer Science and Engineering Kakatiya Institute of Technology and Science Warangal, Andhra Pradesh, India – 506 015 ABSTRACT Denial-of-service (DoS) attacks pose an increasing threat to today’s Internet. One major difficulty to defend against Distributed Denial-of-service attack is that attackers often use fake, or spoofed IP addresses as the IP source address. Probabilistic packet marking algorithm (PPM), allows the victim to trace back the appropriate origin of spoofed IP source address to disguise the true origin. In this paper we propose a technique that efficiently encodes the packets than the Savage probabilistic packet marking algorithm and reconstruction of the attack graph. This enhances the reliability of the probabilistic packet marking algorithm. KEYWORDS Denial-of-service, Probabilistic Packet Marking Algorithm, Efficient Probabilistic Packet Marking algorithm, attack graph. 1. INTRODUCTION Defending against Denial-of service attacks is far from an exact or complete science. Rate limiting, packet filtering [4], [6], [7], and ICMP traceback [3], in some cases, help limit the impact of Denial-of-service attacks, but usually only at points where the Denial-of-service attack is consuming fewer resources than that are available. In many cases, the only defense is a reactive one, where the source or sources of an ongoing attack are identified and prevented from continuing the attack. One major difficulty is to defend against Distributed Denial-of-service attack is that attackers often use fake, or spoofed IP addresses as the IP source address. Therefore, attackers can easily disguise themselves as some other hosts on the Internet. Because of the stateless nature of the Internet, it is a difficult task to determine or trace the source of these attacker’s packets and there by locate the potential locations of these attackers. This is known as the IP traceback problem. Many IP traceback techniques [8], [10], [11], [12], [14] have been proposed, they all have short comings that limit their usability in practice. Some of them are Ingress filtering[5] requires edge routers to have sufficient processing power, to inspect the packet’s destination IP address for normal packet forwarding service. It also need to inspect the source address and determine whether it is a legitimate or illegitimate address. Another major problem with ingress filtering is that this technique is only effective if there is a widespread deployment in the networking community such that many ISPs are willing to deploy this service. Moreover, even with the enabling of ingress filtering service, attackers can still forge the source IP addresses as other hosts within their network domain. Alternative approach to DDoS traceback includes input debugging approach [18] which requires cooperation between system administrators of different
International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010 133 ISPs. Therefore, it may not be able to trace the attackers in realtime or in the midst of a DDoS attack. Other approaches such as controlled flooding [16], which either generates many additional packets to the network (which can be viewed as another form of DDoS attack), or network logging [11], which requires additional storage and computational overhead of the participating routers. All, the above approaches have performance problems and significant deployment difficulties. One promising solution, proposed by savage et al [9], is to let routers probabilistically mark packets with partial path information during packet forwarding. The victim then reconstructs the complete path after receiving a modest number of packets that contain the marking. This approach has a low overhead for routers and the network and supports incremental deployment. We call this type of approach as the IP marking approach. In this paper we propose a new scheme similar to the technique used by Savage. The difference is our technique significantly encodes all the edges needed by the victim to reconstruct the attack path. This paper is organized as follows. In section 2 we describe about PPM algorithm. Section 3 presents related work. Section 4 introduces the modified packet marking algorithm (EPPM) concrete encoding strategy and implemented with our new algorithm. Section 5 presents experimental results of our work. Finally section 6 describes conclusion and future scope of the work. 2. The Probabilistic Packet Marking Algorithm The probabilistic packet marking (PPM) algorithm was originally suggested by Burch and Cheswick [16] and was carefully designed and implemented by Savage et al. [9] to solve the IP traceback problem. It is a used to discover the Internet map or an attack graph during a distributed denial-of-service attack. The PPM algorithm consists of two procedures: The packet marking procedure and graph reconstruct procedure. In the packet marking procedure the packets randomly encode every edge of the attack graph and the graph reconstruction procedure obtains the constructed graph from this encoded information. Here the constructed graph should be the same as the attack graph. The constructed graph is the graph obtained by the PPM algorithm and attack graph is the set of paths the attack packets has been traversed. Figure 1. An attack graph containing attack path. A1 A2 A3 R6 R1 R4 R5R2 R3 V
International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010 134 The network can be viewed as a directed graph G = (V,E) where V is the set of nodes and E is the set of edges. V may be a single host under attack, or a network border device such as a firewall or intrusion detection system that represents many such hosts. Every potential attack origin Ai is a leaf in a tree rooted at V and every router Ri is an internal node along a path between some Ai and V. The attack path from Ai is the ordered list of routers between Ai and V that the attack packet has traversed, e.g. the dotted line in the figure 1 indicate the attack path: (R1, R2,R3). The distance of Ri from V on a path is the number of routers between Ri and V on the path, e.g. the distance of R1 to V in the path (R1,R2,R3) is 2. The attack graph is the graph composed of the attack path e.g., the attack graph in the example will be the graph containing the attack path (R1,R2,R3). And we refer to the packets used in DDOS attacks as attack packets. 2.1 Packet Marking Procedure To implement an IP traceback service previously they used to allocate enough space in an IP packet header so that one can use this space to record the traversed path of a packet. For example, each router, beside performing the normal packet forwarding and routing functions, records or appends its own ID in the pre-allocated space at the packet’s header. In this analogy when a victim receives a marked packet, victim can examine the packet’s header and obtain the complete traverse path information of the marked packet. However, one major problem about this simple approach is that the length of a traversed path (e.g., number of hops) of a packet is not fixed. Therefore, it is impossible to pre-allocate sufficient amount of space in the packet’s header in advance. Another technical difficulty of recording complete path information of each packet to the victim is that if an attacker can potentially manipulate this path information and fill in false router’s identification in the packet’s header it misleads the victim site. The packet marking algorithm proposed by Savage [9] instead of recording the complete path information of a packet, only records each edge traversed from the attacker to the victim site in a probabilistic fashion. The routers encode the information in three marking fields of an attack packet: (start, end, distance). The start and end fields store the IP addresses of the two routers at the end points of the marked edge. The distance field records the number of hops between the marked edge and the victim site. In the PPM a packet stores the information of an edge in the IP header. The pseudocode of the procedure [9] is given in Fig. 2 for reference. The router determines how the packet can be processed depending on the random number generated,. If x is smaller than the predefined marking probability pm, the router chooses to start encoding an edge. The router sets the start field of the incoming packet to the routers address and resets the distance field to zero. If x is greater than pm, the router chooses to end encoding an edge by setting the router’s address in the end field. Marking procedure at router R for each packet w let x be a random number from [0..1) if x < pm then write R into w.start and 0 into w.distance else if w.distance = 0 then write R into w.end increment w.distance Figure 2. packet marking algorithm.
International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010 135 2.2 Graph reconstruction procedure A victim V, upon receiving packets, first needs filtering of unmarked packets (since they don’t carry any information in the attack graph construction). The victim needs to execute the graph construction algorithm for all the collected marked packets and re-construct the attack graph. Figure 3 illustrates the attack graph construction algorithm. Attack Graph Construction Procedure at victim V let G be a tree with root being victim V ; let edges in G be tuples(start,end,distance); for (each received marked packet w) { if (w.distance==0) then insert edge (w.start,V ,0) into G ; else insert edge (w.start, w.end, w.distance) into G ; } remove any edge (x,y,d) with d ≠ distance from x to V in G ; extract path (Ri…Rj) by enumerating acyclic paths in G ; Figure 3. Attack Graph Construction algorithm. 3. Related Work In the packet marking procedure, even if a packet has already encoded an edge, successive routers may choose to start encoding another edge randomly. As a result, when a packet arrives at the victim, it may either encode any of the edges of the attack graph, or may not encode any edge. Figure 4 illustrates the set of marked and unmarked edges collected by the victim under a simple linear network topology. In this example, the victim could collect 4 types of packets. Figure 4. Example of packet marking procedure Source R1 R2 R3 Victim R3 --- 0 R1 R2 2 R2 R3 1 --- ---- --- - Start End d Marking field data
International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010 136 According to the probabilistic packet marking algorithm, each packet may mark or unmark an edge with some probability. Let Pm(d) denote that an edge is marked, and it is d hops away from the victim site. In general, we have Pm(d) = p(1-p)d d≥0 (1) In some cases the packet may not be encoded at all, this is the case when in every router x is less than Pm. Let Pu(d) be the probability that a victim V will not find an edge which is d hops away as a marked edge. We have Pu(d) = (1-p)d+1 d≥0 (2) In other words, all routers along the path to the victim decide not to mark the packet. So figure 4 shows the marked packets with marked edges (R1, R2), (R2, R3), and (R3, -). The victim V can also receive unmarked packets. This paper mainly presents the effective way of encoding the edges. In the Savage[9] algorithm when a packet arrives at a router R1, the router determines how the packet can be processed based on a random number x (line number 1 in the Figure 2). If x is smaller than the predefined marking probability Pm, the router chooses to start encoding an edge. The router sets the start field of the incoming packet to the router’s address and resets the distance field of that packet to zero. Then, the router R1 forwards the packet to the next router R2 as shown in the figure 5. Figure 5. Packet w received to R2. When the packet arrives at the router R2, the router R2 again chooses if it should start encoding another edge. For example, for this time, let us suppose the router chooses not to start encoding a new edge (it is the case when x is greater than Pm). Then, the router R2 will discover that the previous router R1 has started marking an edge, because the distance field of the packet is zero. Eventually, the router R2 sets the end field of the packet to the router’s address as shown in figure 6. Then this router R2 again forwards the encoded packet to the next router R3. Now at R3 if x is smaller than the predefined marking probability Pm again it will start encoding an edge but this shouldn’t happen. The process is shown in the figure 6. Figure 6. Packet w received to victim A good traceback scheme should provide accurate information about routers near the attack source rather than those near to the victim. This is the pivotal drawback in the savage [9] algorithm. To overcome this drawback we described a modified algorithm in the next section and named it as an efficient probabilistic packet marking (EPPM) algorithm. R2 R3 Victim R1 R2 1 R3 -- 0 Source R1 R2 -- -- -1 R1 -- 0
International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010 137 The graph reconstruction procedure is started as soon as the victim starts collecting marked packets. When a marked packet arrives at the victim, the procedure first checks if this packet encodes a new edge. If so the procedure accordingly updates the constructed graph G. From the above example we get some sample packets as shown in figure 7. Figure 7. Sample of packets Then we extract path by enumerating acyclic paths in G and construct the attack graph as shown in the figure 8. Figure 8. The attack graph 4. Proposed algorithm In our proposed algorithm, as shown in the figure 9 we use an extra field named as flag which takes either 0 or 1. The flag value at first is made 0 and if the end field is set then the flag is made 1. Now, the start field is encoded only when the flag is 0. If the flag is 1 it implies that the start and end fields together encoded an edge of the attack graph. The packet traverses from source to R1 to R2 and then to R3 as similar to in the previous section and assume that the encoding is also the same but after the packet received at R3. R3 cannot start encoding again since the flag value is 1. As the successive routers cannot start encoding that packet again, just they increment the distance field so that the victim can know the distance of the encoded edge from it. R2 R3 1 R1 R2 2 R3 -- 0 R2 R3 1 Source R1 R2 R3 Victim
International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010 138 Figure 9. Packet received from source to victim with the efficient encoding This modified algorithm is named as Efficient probabilistic packet marking algorithm and it is shown in figure 10. Marking procedure at router R for (each packet w received by the router) { generate a random number x between [0..1); if (x < pm and flag=0 ) then /* router starts marking. flag 0 implies that the packet is not encoded previously */ write router’s address into w.start and 0 into w.distance else { If ( w.distance = 0 ) then write router address into w.end and 1 into flag } /* flag 1 implies that the packet has encoded an edge and no other successive routers should start encoding */ If (flag = 1) then Increment w.distance by 1 /* w.distance represents the distance of the encoded edge from the victim V */ } } Figure 10. Efficient packet marking procedure 5. Experimentation and Result The result we get using the Savage algorithm is as shown in the figure 11. The (R1, R2) edge has been encoded, but R2 can again start encoding if x less than Pm. So in the result we get packets that are encoded with the edges nearer to the victim. In the above we mostly obtain the edge (R2, R3) which is nearer to the victim. If we have more number of routers then the effect of encoding the edges nearer to the victim can easily be observed. Source R1 R2 R3 Victim -- -- -1 0 R1 – 0 0 R1 R2 1 1 R1 R2 2 1
International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010 139 Figure 11. Result of the existing Savage packet marking algorithm Now let us see the result for the effective packet marking algorithm where the edge is encoded only once. From the fig 12 we observed that a part from the edges that are nearer to the victim, there are other edges mainly edges nearer to the source. As an edge once encoded cannot be over written. Figure 12. Result of proposed efficient packet marking algorithm.
International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010 140 The result after executing the graph reconstruction procedure is as follows: Figure 13. Graph reconstruction. 6. Conclusion and Future Work The imminent threats imposed by DoS attacks call for efficient and fast traceback schemes. Some of the desirable features of a good attack traceback scheme are providing accurate information about routers near the attack source rather than those near the victim. Avoiding the use of large amount of attack packets to construct the attack path or attack tree and low processing and storage overhead at intermediate routers. In this paper we propose a traceback scheme that enjoys the above features. Also, we try to eliminate the major problems of PPM [9]. PPM lacks many of the desirable features mentioned in the beginning. For example, routers that are far away from the victim have very low chance to pass their marking information to the victim because down stream routers overwrite this information, which leads to the loss of valuable marking information written by routers far away from the victim. Our modified probabilistic algorithm called Efficient Probabilistic Packet Marking algorithm (EPPM) overcome this problem. To conclude, our algorithm (EPPM) is an effective means of improving the reliability of original probabilistic packet marking algorithm. Our algorithm EPPM is a modified version of PPM algorithm. So EPPM inherits the defects of the PPM algorithm. Further widely distributed attacks and scalability etc will bear future research directions. References [1] ”CERT Advisory CA-2000-01: Denial-of-Service Developments,”Computer Emergency Response Team, http://www.cert.org/-advisories/-CA-2000-01.html, 2006.
International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010 141 [2] J. Ioannidis and S.M. Bellovin, “Implementing Pushback: Router-Based Defense against DDoS Attacks,” Proc. Network and Distributed System Security Symp., pp. 100-108, Feb. 2002. [3] S. Bellovin, M. Leech, and T. Taylor, ICMP Traceback Messages, Internet Draft -Bellovin- Itrace-04.txt, Feb. 2003. [4] K. Park and H. Lee, “On the Effectiveness of Route-Based Packet Filtering for Distributed DoS Attack Prevention in Power-Law Internets,” Proc. ACM SIGCOMM ’01, pp. 15-26, 2001. [5] P. Ferguson and D. Senie, “RFC 2267: Network Ingress Filtering: Defeating Denial of Service Attacks Which Employ IP Source Address Spoofing,” The Internet Soc., Jan. 1998. [6] D.K.Y. Yau, J.C.S. Lui, F. Liang, and Y. Yam, “Defending against Distributed Denial-of- Service Attacks with Max-Min Fair Server-Centric Router Throttles,” IEEE/ACM Trans. Networking, no. 1, [7] C.W. Tan, D.M. Chiu, J.C. Lui, and D.K.Y. Yau, “A DistributedThrottling Approach for Handling High-Bandwidth Aggregates,”IEEE Trans. Parallel and Distributed Systems, July 2007. [8] D. Dean, M. Franklin, and A. Stubblefield, “An Algebraic Approach to IP Traceback,” ACM Trans. Information and System Security, [9] S. Savage, D. Wetherall, A. Karlin, and T. Anderson, “Practical Network Support for IP Traceback,” Proc. ACM SIGCOMM ’00, [10] D.X. Song and A. Perrig, “Advanced and Authenticated Marking Schemes for IP Traceback,” Proc. IEEE INFOCOM ’01, Apr. 2001. [11] A.C. Snoeren, C. Partridge, L.A. Sanchez, C.E. Jones, F. Tchakountio,S.T. Kent, and W.T. Strayer, “Hash-Based IP Traceback,”Proc. ACM SIGCOMM ’01, Aug. 2001. [12] K. Park and H. Lee, “On the Effectiveness of Probabilistic Packet Marking for IP Traceback under Denial-of-Service Attacks,” Proc. IEEE INFOCOM ’01, 2001. [13] M. Adler, “Trade-Offs in Probabilistic Packet Marking for IP Traceback,” J. ACM, Mar. 2005. [14] V. Paxson, “End-to-End Routing Behavior in the Internet,” IEEE/ACM Trans. Networking Oct. 1997. [15] M. T. Goodrich, “Efficient Packet Marking for Large-Scale IP Traceback,” in Proc. of ACM CCS 2002, Nov. 2002. [16] H. Burch and B. Cheswick, “Tracing anonymous packets to their approximate source,” in Usenix LISA, 2000. [17] M. Adler, J.-Y. Cai, J. Shapiro, and D. Towsley, “Estimation of congestion price using probabilistic packet marking,” in IEEE INFOCOM, 2003. [18] R. Stone. Centertrack: An ip overlay network for tracking dos floods. In Proceedings of 9th USENIX Security Symposium,August 2000. [19] S. Lee and C. Shields, “Tracing the source of network attack: A technical, legal and societal problem,” in IEEE Workshop on Information Assurance and Security, 2001.tT._y_Ì v kuoµ k/lQ ?S_yeT $M_U _k/lqQ8Q 8yem7NPOiWTVN Plm7_?¶.M_-aNPM_. ¦ k_ku¶{¨: . [.Lʦ .ËT sz _..x.. _ .L._.LÌ [20] J. Li, M. Sung, J. J. Xu, and L. E. Li, “Large-scale ip traceback in high-speed internet: Practical techniques and theoretical foundation,” in IEEE SSP, 2004. [21] Tao peng, Christopher Leckie and Kotagiri Ramamohanarao. Adjusted probabilistic packet marking for IP traceback. In Proceedings of Networking 2002 Pisa, Italy, May 2002.
International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010 142 Y. Bhavani is a Post Graduate in M.C.A from Kakatiya University in 1997, and she is pursuing M.Tech (Software Engineering) in KITS, Warangal. She worked as a Lecturer in Alluri Institute of Management Sciences, Warangal till 2005. She is working in the department of M.C.A of KITS , Warangal as Assisstant Professor, since 2006. She delivered guest lectures at JNTU University, Narayanama Engineering college,Hyderabad, in the field of Network Security. P.Niranjan Reddy received the B.E Computer Science from Nagpur University in 1992 and M.Tech (Computer Science and Engineering) from NIT, Warangal in the year 2001.He worked as a Lecturer and Assistant Professor in the department of CSE of KITS, Warangal, Since 1996. He is doing a part-time research in Kakatiya University, Warangal since 2007. He authored two text books, Theory of computation and Computer Graphics in the field of Computer Science. He published 3 papers inInternational Journals and 6 papers in International Conferences. Presently he is HOD of CSE in KITS, Warangal. He is member of the ISTE and CSI.

Recommended

A precise termination condition of the probabilistic packet marking algorithm...
A precise termination condition of the probabilistic packet marking algorithm...A precise termination condition of the probabilistic packet marking algorithm...
A precise termination condition of the probabilistic packet marking algorithm...Mumbai Academisc
 
A Neighbor Coverage-Based Probabilistic Rebroadcast for Reducing Routing Ove...
A Neighbor Coverage-Based Probabilistic Rebroadcast for Reducing Routing Ove...A Neighbor Coverage-Based Probabilistic Rebroadcast for Reducing Routing Ove...
A Neighbor Coverage-Based Probabilistic Rebroadcast for Reducing Routing Ove...IJMER
 
Energy Saving DSR and Probabilistic Rebroadcast Mechanism are used to Increas...
Energy Saving DSR and Probabilistic Rebroadcast Mechanism are used to Increas...Energy Saving DSR and Probabilistic Rebroadcast Mechanism are used to Increas...
Energy Saving DSR and Probabilistic Rebroadcast Mechanism are used to Increas...IJTET Journal
 
COMPARATIVE STUDY OF IP TRACEBACK TECHNIQUES
COMPARATIVE STUDY OF IP TRACEBACK TECHNIQUESCOMPARATIVE STUDY OF IP TRACEBACK TECHNIQUES
COMPARATIVE STUDY OF IP TRACEBACK TECHNIQUESJournal For Research
 
THE FIGHT AGAINST IP SPOOFING ATTACKS: NETWORK INGRESS FILTERING VERSUS FIRST...
THE FIGHT AGAINST IP SPOOFING ATTACKS: NETWORK INGRESS FILTERING VERSUS FIRST...THE FIGHT AGAINST IP SPOOFING ATTACKS: NETWORK INGRESS FILTERING VERSUS FIRST...
THE FIGHT AGAINST IP SPOOFING ATTACKS: NETWORK INGRESS FILTERING VERSUS FIRST...ijsptm
 
An Analytical Approach To Analyze The Impact Of Gray Hole Attacks In Manet
An Analytical Approach To Analyze The Impact Of Gray Hole Attacks In ManetAn Analytical Approach To Analyze The Impact Of Gray Hole Attacks In Manet
An Analytical Approach To Analyze The Impact Of Gray Hole Attacks In Manetidescitation
 
SIMULATION OF THE COMBINED METHOD
SIMULATION OF THE COMBINED METHODSIMULATION OF THE COMBINED METHOD
SIMULATION OF THE COMBINED METHODIJNSA Journal
 
INTERNATIONAL INDEXED REFEREED RESEARCH PAPER
INTERNATIONAL INDEXED REFEREED RESEARCH PAPERINTERNATIONAL INDEXED REFEREED RESEARCH PAPER
INTERNATIONAL INDEXED REFEREED RESEARCH PAPERINTERNATIONAL INDEXED,REFERRED,MULTILINGUAL,INTERDISCIPLINARY, MONTHLY RESEARCH JOURNAL
 

Recommended

A precise termination condition of the probabilistic packet marking algorithm...
A precise termination condition of the probabilistic packet marking algorithm...A precise termination condition of the probabilistic packet marking algorithm...
A precise termination condition of the probabilistic packet marking algorithm...Mumbai Academisc
 
A Neighbor Coverage-Based Probabilistic Rebroadcast for Reducing Routing Ove...
A Neighbor Coverage-Based Probabilistic Rebroadcast for Reducing Routing Ove...A Neighbor Coverage-Based Probabilistic Rebroadcast for Reducing Routing Ove...
A Neighbor Coverage-Based Probabilistic Rebroadcast for Reducing Routing Ove...IJMER
 
Energy Saving DSR and Probabilistic Rebroadcast Mechanism are used to Increas...
Energy Saving DSR and Probabilistic Rebroadcast Mechanism are used to Increas...Energy Saving DSR and Probabilistic Rebroadcast Mechanism are used to Increas...
Energy Saving DSR and Probabilistic Rebroadcast Mechanism are used to Increas...IJTET Journal
 
COMPARATIVE STUDY OF IP TRACEBACK TECHNIQUES
COMPARATIVE STUDY OF IP TRACEBACK TECHNIQUESCOMPARATIVE STUDY OF IP TRACEBACK TECHNIQUES
COMPARATIVE STUDY OF IP TRACEBACK TECHNIQUESJournal For Research
 
THE FIGHT AGAINST IP SPOOFING ATTACKS: NETWORK INGRESS FILTERING VERSUS FIRST...
THE FIGHT AGAINST IP SPOOFING ATTACKS: NETWORK INGRESS FILTERING VERSUS FIRST...THE FIGHT AGAINST IP SPOOFING ATTACKS: NETWORK INGRESS FILTERING VERSUS FIRST...
THE FIGHT AGAINST IP SPOOFING ATTACKS: NETWORK INGRESS FILTERING VERSUS FIRST...ijsptm
 
An Analytical Approach To Analyze The Impact Of Gray Hole Attacks In Manet
An Analytical Approach To Analyze The Impact Of Gray Hole Attacks In ManetAn Analytical Approach To Analyze The Impact Of Gray Hole Attacks In Manet
An Analytical Approach To Analyze The Impact Of Gray Hole Attacks In Manetidescitation
 
SIMULATION OF THE COMBINED METHOD
SIMULATION OF THE COMBINED METHODSIMULATION OF THE COMBINED METHOD
SIMULATION OF THE COMBINED METHODIJNSA Journal
 
INTERNATIONAL INDEXED REFEREED RESEARCH PAPER
INTERNATIONAL INDEXED REFEREED RESEARCH PAPERINTERNATIONAL INDEXED REFEREED RESEARCH PAPER
INTERNATIONAL INDEXED REFEREED RESEARCH PAPERINTERNATIONAL INDEXED,REFERRED,MULTILINGUAL,INTERDISCIPLINARY, MONTHLY RESEARCH JOURNAL
 
Elgamal signature for content distribution with network coding
Elgamal signature for content distribution with network codingElgamal signature for content distribution with network coding
Elgamal signature for content distribution with network codingijwmn
 
Review on Grey- Hole Attack Detection and Prevention
Review on Grey- Hole Attack Detection and PreventionReview on Grey- Hole Attack Detection and Prevention
Review on Grey- Hole Attack Detection and PreventionIJARIIT
 
Ab26180184
Ab26180184Ab26180184
Ab26180184IJERA Editor
 
Volume 2-issue-6-2095-2097
Volume 2-issue-6-2095-2097Volume 2-issue-6-2095-2097
Volume 2-issue-6-2095-2097Editor IJARCET
 
C241721
C241721C241721
C241721irjes
 
A survey on mitigation methods to black hole attack on aodv routing protocol
A survey on mitigation methods to black hole attack on aodv routing protocolA survey on mitigation methods to black hole attack on aodv routing protocol
A survey on mitigation methods to black hole attack on aodv routing protocolAlexander Decker
 
Grayhole
GrayholeGrayhole
GrayholeKumud Dixit
 
Prevention of Packet Hiding Methods In Selective Jamming Attack
Prevention of Packet Hiding Methods In Selective Jamming AttackPrevention of Packet Hiding Methods In Selective Jamming Attack
Prevention of Packet Hiding Methods In Selective Jamming AttackIJCERT
 
A new ids scheme against blackhole attack to enhance security in wireless net...
A new ids scheme against blackhole attack to enhance security in wireless net...A new ids scheme against blackhole attack to enhance security in wireless net...
A new ids scheme against blackhole attack to enhance security in wireless net...eSAT Journals
 
Nd
NdNd
NdRam Dutt Shukla
 
Analysis of rsa algorithm using gpu
Analysis of rsa algorithm using gpuAnalysis of rsa algorithm using gpu
Analysis of rsa algorithm using gpuIJNSA Journal
 
Advisedly delayed packet attack on tcp based mobile ad-hoc networks
Advisedly delayed packet attack on tcp based mobile ad-hoc networksAdvisedly delayed packet attack on tcp based mobile ad-hoc networks
Advisedly delayed packet attack on tcp based mobile ad-hoc networkseSAT Journals
 
A STATISTICAL APPROACH TO DETECT DENIAL OF SERVICE ATTACKER
A STATISTICAL APPROACH TO DETECT DENIAL OF SERVICE ATTACKERA STATISTICAL APPROACH TO DETECT DENIAL OF SERVICE ATTACKER
A STATISTICAL APPROACH TO DETECT DENIAL OF SERVICE ATTACKERJournal For Research
 
Advisedly delayed packet attack on tcp based mobile
Advisedly delayed packet attack on tcp based mobileAdvisedly delayed packet attack on tcp based mobile
Advisedly delayed packet attack on tcp based mobileeSAT Publishing House
 
Performance Comparison of Cluster based and Threshold based Algorithms for De...
Performance Comparison of Cluster based and Threshold based Algorithms for De...Performance Comparison of Cluster based and Threshold based Algorithms for De...
Performance Comparison of Cluster based and Threshold based Algorithms for De...Eswar Publications
 
Performance investigation of re shuffling packet
Performance investigation of re shuffling packetPerformance investigation of re shuffling packet
Performance investigation of re shuffling packeteSAT Publishing House
 
Performance investigation of re shuffling packet attack on transport layer pr...
Performance investigation of re shuffling packet attack on transport layer pr...Performance investigation of re shuffling packet attack on transport layer pr...
Performance investigation of re shuffling packet attack on transport layer pr...eSAT Journals
 
An Effective Privacy-Preserving Data Coding in Peer-To-Peer Network
An Effective Privacy-Preserving Data Coding in Peer-To-Peer NetworkAn Effective Privacy-Preserving Data Coding in Peer-To-Peer Network
An Effective Privacy-Preserving Data Coding in Peer-To-Peer NetworkIJCNCJournal
 
Ijcatr04051009
Ijcatr04051009Ijcatr04051009
Ijcatr04051009Editor IJCATR
 
AODV protocol and Black Hole attack
AODV protocol and Black Hole attackAODV protocol and Black Hole attack
AODV protocol and Black Hole attackRaj Sikarwar
 
BYPASSING OF DEPLOYMENT DIFFICULTIES OF IP TRACEBACK TECHNIQUES USING NEW PAS...
BYPASSING OF DEPLOYMENT DIFFICULTIES OF IP TRACEBACK TECHNIQUES USING NEW PAS...BYPASSING OF DEPLOYMENT DIFFICULTIES OF IP TRACEBACK TECHNIQUES USING NEW PAS...
BYPASSING OF DEPLOYMENT DIFFICULTIES OF IP TRACEBACK TECHNIQUES USING NEW PAS...Journal For Research
 
Ijnsa050211
Ijnsa050211Ijnsa050211
Ijnsa050211IJNSA Journal
 

More Related Content

What's hot

Elgamal signature for content distribution with network coding
Elgamal signature for content distribution with network codingElgamal signature for content distribution with network coding
Elgamal signature for content distribution with network codingijwmn
 
Review on Grey- Hole Attack Detection and Prevention
Review on Grey- Hole Attack Detection and PreventionReview on Grey- Hole Attack Detection and Prevention
Review on Grey- Hole Attack Detection and PreventionIJARIIT
 
Volume 2-issue-6-2095-2097
Volume 2-issue-6-2095-2097Volume 2-issue-6-2095-2097
Volume 2-issue-6-2095-2097Editor IJARCET
 
C241721
C241721C241721
C241721irjes
 
A survey on mitigation methods to black hole attack on aodv routing protocol
A survey on mitigation methods to black hole attack on aodv routing protocolA survey on mitigation methods to black hole attack on aodv routing protocol
A survey on mitigation methods to black hole attack on aodv routing protocolAlexander Decker
 
Prevention of Packet Hiding Methods In Selective Jamming Attack
Prevention of Packet Hiding Methods In Selective Jamming AttackPrevention of Packet Hiding Methods In Selective Jamming Attack
Prevention of Packet Hiding Methods In Selective Jamming AttackIJCERT
 
A new ids scheme against blackhole attack to enhance security in wireless net...
A new ids scheme against blackhole attack to enhance security in wireless net...A new ids scheme against blackhole attack to enhance security in wireless net...
A new ids scheme against blackhole attack to enhance security in wireless net...eSAT Journals
 
Analysis of rsa algorithm using gpu
Analysis of rsa algorithm using gpuAnalysis of rsa algorithm using gpu
Analysis of rsa algorithm using gpuIJNSA Journal
 
Advisedly delayed packet attack on tcp based mobile ad-hoc networks
Advisedly delayed packet attack on tcp based mobile ad-hoc networksAdvisedly delayed packet attack on tcp based mobile ad-hoc networks
Advisedly delayed packet attack on tcp based mobile ad-hoc networkseSAT Journals
 
A STATISTICAL APPROACH TO DETECT DENIAL OF SERVICE ATTACKER
A STATISTICAL APPROACH TO DETECT DENIAL OF SERVICE ATTACKERA STATISTICAL APPROACH TO DETECT DENIAL OF SERVICE ATTACKER
A STATISTICAL APPROACH TO DETECT DENIAL OF SERVICE ATTACKERJournal For Research
 
Advisedly delayed packet attack on tcp based mobile
Advisedly delayed packet attack on tcp based mobileAdvisedly delayed packet attack on tcp based mobile
Advisedly delayed packet attack on tcp based mobileeSAT Publishing House
 
Performance Comparison of Cluster based and Threshold based Algorithms for De...
Performance Comparison of Cluster based and Threshold based Algorithms for De...Performance Comparison of Cluster based and Threshold based Algorithms for De...
Performance Comparison of Cluster based and Threshold based Algorithms for De...Eswar Publications
 
Performance investigation of re shuffling packet
Performance investigation of re shuffling packetPerformance investigation of re shuffling packet
Performance investigation of re shuffling packeteSAT Publishing House
 
Performance investigation of re shuffling packet attack on transport layer pr...
Performance investigation of re shuffling packet attack on transport layer pr...Performance investigation of re shuffling packet attack on transport layer pr...
Performance investigation of re shuffling packet attack on transport layer pr...eSAT Journals
 
An Effective Privacy-Preserving Data Coding in Peer-To-Peer Network
An Effective Privacy-Preserving Data Coding in Peer-To-Peer NetworkAn Effective Privacy-Preserving Data Coding in Peer-To-Peer Network
An Effective Privacy-Preserving Data Coding in Peer-To-Peer NetworkIJCNCJournal
 
AODV protocol and Black Hole attack
AODV protocol and Black Hole attackAODV protocol and Black Hole attack
AODV protocol and Black Hole attackRaj Sikarwar
 

What's hot (20)

Elgamal signature for content distribution with network coding
Elgamal signature for content distribution with network codingElgamal signature for content distribution with network coding
Elgamal signature for content distribution with network coding
 
Review on Grey- Hole Attack Detection and Prevention
Review on Grey- Hole Attack Detection and PreventionReview on Grey- Hole Attack Detection and Prevention
Review on Grey- Hole Attack Detection and Prevention
 
Ab26180184
Ab26180184Ab26180184
Ab26180184
 
Volume 2-issue-6-2095-2097
Volume 2-issue-6-2095-2097Volume 2-issue-6-2095-2097
Volume 2-issue-6-2095-2097
 
C241721
C241721C241721
C241721
 
A survey on mitigation methods to black hole attack on aodv routing protocol
A survey on mitigation methods to black hole attack on aodv routing protocolA survey on mitigation methods to black hole attack on aodv routing protocol
A survey on mitigation methods to black hole attack on aodv routing protocol
 
Grayhole
GrayholeGrayhole
Grayhole
 
Prevention of Packet Hiding Methods In Selective Jamming Attack
Prevention of Packet Hiding Methods In Selective Jamming AttackPrevention of Packet Hiding Methods In Selective Jamming Attack
Prevention of Packet Hiding Methods In Selective Jamming Attack
 
A new ids scheme against blackhole attack to enhance security in wireless net...
A new ids scheme against blackhole attack to enhance security in wireless net...A new ids scheme against blackhole attack to enhance security in wireless net...
A new ids scheme against blackhole attack to enhance security in wireless net...
 
Nd
NdNd
Nd
 
Analysis of rsa algorithm using gpu
Analysis of rsa algorithm using gpuAnalysis of rsa algorithm using gpu
Analysis of rsa algorithm using gpu
 
Advisedly delayed packet attack on tcp based mobile ad-hoc networks
Advisedly delayed packet attack on tcp based mobile ad-hoc networksAdvisedly delayed packet attack on tcp based mobile ad-hoc networks
Advisedly delayed packet attack on tcp based mobile ad-hoc networks
 
A STATISTICAL APPROACH TO DETECT DENIAL OF SERVICE ATTACKER
A STATISTICAL APPROACH TO DETECT DENIAL OF SERVICE ATTACKERA STATISTICAL APPROACH TO DETECT DENIAL OF SERVICE ATTACKER
A STATISTICAL APPROACH TO DETECT DENIAL OF SERVICE ATTACKER
 
Advisedly delayed packet attack on tcp based mobile
Advisedly delayed packet attack on tcp based mobileAdvisedly delayed packet attack on tcp based mobile
Advisedly delayed packet attack on tcp based mobile
 
Performance Comparison of Cluster based and Threshold based Algorithms for De...
Performance Comparison of Cluster based and Threshold based Algorithms for De...Performance Comparison of Cluster based and Threshold based Algorithms for De...
Performance Comparison of Cluster based and Threshold based Algorithms for De...
 
Performance investigation of re shuffling packet
Performance investigation of re shuffling packetPerformance investigation of re shuffling packet
Performance investigation of re shuffling packet
 
Performance investigation of re shuffling packet attack on transport layer pr...
Performance investigation of re shuffling packet attack on transport layer pr...Performance investigation of re shuffling packet attack on transport layer pr...
Performance investigation of re shuffling packet attack on transport layer pr...
 
An Effective Privacy-Preserving Data Coding in Peer-To-Peer Network
An Effective Privacy-Preserving Data Coding in Peer-To-Peer NetworkAn Effective Privacy-Preserving Data Coding in Peer-To-Peer Network
An Effective Privacy-Preserving Data Coding in Peer-To-Peer Network
 
Ijcatr04051009
Ijcatr04051009Ijcatr04051009
Ijcatr04051009
 
AODV protocol and Black Hole attack
AODV protocol and Black Hole attackAODV protocol and Black Hole attack
AODV protocol and Black Hole attack
 

Similar to AN EFFICIENT IP TRACEBACK THROUGH PACKET MARKING ALGORITHM

BYPASSING OF DEPLOYMENT DIFFICULTIES OF IP TRACEBACK TECHNIQUES USING NEW PAS...
BYPASSING OF DEPLOYMENT DIFFICULTIES OF IP TRACEBACK TECHNIQUES USING NEW PAS...BYPASSING OF DEPLOYMENT DIFFICULTIES OF IP TRACEBACK TECHNIQUES USING NEW PAS...
BYPASSING OF DEPLOYMENT DIFFICULTIES OF IP TRACEBACK TECHNIQUES USING NEW PAS...Journal For Research
 
TRACEBACK OF DOS OVER AUTONOMOUS SYSTEMS
TRACEBACK OF DOS OVER AUTONOMOUS SYSTEMSTRACEBACK OF DOS OVER AUTONOMOUS SYSTEMS
TRACEBACK OF DOS OVER AUTONOMOUS SYSTEMSIJNSA Journal
 
IRJET-A Survey On Opportunistic Piggyback Marking For IP Trace Back
IRJET-A Survey On Opportunistic Piggyback Marking For IP Trace BackIRJET-A Survey On Opportunistic Piggyback Marking For IP Trace Back
IRJET-A Survey On Opportunistic Piggyback Marking For IP Trace BackIRJET Journal
 
A Survey On Opportunistic Piggyback Marking For IP Trace Back
A Survey On Opportunistic Piggyback Marking For IP Trace BackA Survey On Opportunistic Piggyback Marking For IP Trace Back
A Survey On Opportunistic Piggyback Marking For IP Trace BackIRJET Journal
 
Detection and removal of multiple black hole attacks through sending forged p...
Detection and removal of multiple black hole attacks through sending forged p...Detection and removal of multiple black hole attacks through sending forged p...
Detection and removal of multiple black hole attacks through sending forged p...IRJET Journal
 
AODV Improvement by Modification at Source Node and Securing It from Black Ho...
AODV Improvement by Modification at Source Node and Securing It from Black Ho...AODV Improvement by Modification at Source Node and Securing It from Black Ho...
AODV Improvement by Modification at Source Node and Securing It from Black Ho...IJERA Editor
 
IRJET- Constructing Inter Domain Packet Filter for Controlling IP Spoofing
IRJET- Constructing Inter Domain Packet Filter for Controlling IP SpoofingIRJET- Constructing Inter Domain Packet Filter for Controlling IP Spoofing
IRJET- Constructing Inter Domain Packet Filter for Controlling IP SpoofingIRJET Journal
 
Modified AODV Algorithm using Data Mining Process: Classification and Clustering
Modified AODV Algorithm using Data Mining Process: Classification and ClusteringModified AODV Algorithm using Data Mining Process: Classification and Clustering
Modified AODV Algorithm using Data Mining Process: Classification and Clusteringidescitation
 
The resistance of routing protocols against DDOS attack in MANET
The resistance of routing protocols against DDOS attack in MANET The resistance of routing protocols against DDOS attack in MANET
The resistance of routing protocols against DDOS attack in MANET IJECEIAES
 
The resistance of routing protocols against DDOS attack in MANET
The resistance of routing protocols against DDOS attack in MANET The resistance of routing protocols against DDOS attack in MANET
The resistance of routing protocols against DDOS attack in MANET IJECEIAES
 
A Survey of various Methods of Preventing and Detecting Attacks on AODV-based...
A Survey of various Methods of Preventing and Detecting Attacks on AODV-based...A Survey of various Methods of Preventing and Detecting Attacks on AODV-based...
A Survey of various Methods of Preventing and Detecting Attacks on AODV-based...IJERD Editor
 
Security Issues in Next Generation IP and Migration Networks
Security Issues in Next Generation IP and Migration NetworksSecurity Issues in Next Generation IP and Migration Networks
Security Issues in Next Generation IP and Migration NetworksIOSR Journals
 
D03601023026
D03601023026D03601023026
D03601023026theijes
 
Elliptic Curve Cryptography Based Data Transmission against Blackhole Attack ...
Elliptic Curve Cryptography Based Data Transmission against Blackhole Attack ...Elliptic Curve Cryptography Based Data Transmission against Blackhole Attack ...
Elliptic Curve Cryptography Based Data Transmission against Blackhole Attack ...IJECEIAES
 
“Reducing packet loss in manet”
“Reducing packet loss in manet”“Reducing packet loss in manet”
“Reducing packet loss in manet”Alexander Decker
 
Effective Identification of Packet Droppers and Modifiers in Wireless Sensor ...
Effective Identification of Packet Droppers and Modifiers in Wireless Sensor ...Effective Identification of Packet Droppers and Modifiers in Wireless Sensor ...
Effective Identification of Packet Droppers and Modifiers in Wireless Sensor ...IJMTST Journal
 
A Novel IP Traceback Scheme for Spoofing Attack
A Novel IP Traceback Scheme for Spoofing AttackA Novel IP Traceback Scheme for Spoofing Attack
A Novel IP Traceback Scheme for Spoofing AttackIJAEMSJORNAL
 

Similar to AN EFFICIENT IP TRACEBACK THROUGH PACKET MARKING ALGORITHM (20)

BYPASSING OF DEPLOYMENT DIFFICULTIES OF IP TRACEBACK TECHNIQUES USING NEW PAS...
BYPASSING OF DEPLOYMENT DIFFICULTIES OF IP TRACEBACK TECHNIQUES USING NEW PAS...BYPASSING OF DEPLOYMENT DIFFICULTIES OF IP TRACEBACK TECHNIQUES USING NEW PAS...
BYPASSING OF DEPLOYMENT DIFFICULTIES OF IP TRACEBACK TECHNIQUES USING NEW PAS...
 
Ijnsa050211
Ijnsa050211Ijnsa050211
Ijnsa050211
 
TRACEBACK OF DOS OVER AUTONOMOUS SYSTEMS
TRACEBACK OF DOS OVER AUTONOMOUS SYSTEMSTRACEBACK OF DOS OVER AUTONOMOUS SYSTEMS
TRACEBACK OF DOS OVER AUTONOMOUS SYSTEMS
 
IRJET-A Survey On Opportunistic Piggyback Marking For IP Trace Back
IRJET-A Survey On Opportunistic Piggyback Marking For IP Trace BackIRJET-A Survey On Opportunistic Piggyback Marking For IP Trace Back
IRJET-A Survey On Opportunistic Piggyback Marking For IP Trace Back
 
A Survey On Opportunistic Piggyback Marking For IP Trace Back
A Survey On Opportunistic Piggyback Marking For IP Trace BackA Survey On Opportunistic Piggyback Marking For IP Trace Back
A Survey On Opportunistic Piggyback Marking For IP Trace Back
 
Detection and removal of multiple black hole attacks through sending forged p...
Detection and removal of multiple black hole attacks through sending forged p...Detection and removal of multiple black hole attacks through sending forged p...
Detection and removal of multiple black hole attacks through sending forged p...
 
AODV Improvement by Modification at Source Node and Securing It from Black Ho...
AODV Improvement by Modification at Source Node and Securing It from Black Ho...AODV Improvement by Modification at Source Node and Securing It from Black Ho...
AODV Improvement by Modification at Source Node and Securing It from Black Ho...
 
IRJET- Constructing Inter Domain Packet Filter for Controlling IP Spoofing
IRJET- Constructing Inter Domain Packet Filter for Controlling IP SpoofingIRJET- Constructing Inter Domain Packet Filter for Controlling IP Spoofing
IRJET- Constructing Inter Domain Packet Filter for Controlling IP Spoofing
 
Modified AODV Algorithm using Data Mining Process: Classification and Clustering
Modified AODV Algorithm using Data Mining Process: Classification and ClusteringModified AODV Algorithm using Data Mining Process: Classification and Clustering
Modified AODV Algorithm using Data Mining Process: Classification and Clustering
 
The resistance of routing protocols against DDOS attack in MANET
The resistance of routing protocols against DDOS attack in MANET The resistance of routing protocols against DDOS attack in MANET
The resistance of routing protocols against DDOS attack in MANET
 
The resistance of routing protocols against DDOS attack in MANET
The resistance of routing protocols against DDOS attack in MANET The resistance of routing protocols against DDOS attack in MANET
The resistance of routing protocols against DDOS attack in MANET
 
A Survey of various Methods of Preventing and Detecting Attacks on AODV-based...
A Survey of various Methods of Preventing and Detecting Attacks on AODV-based...A Survey of various Methods of Preventing and Detecting Attacks on AODV-based...
A Survey of various Methods of Preventing and Detecting Attacks on AODV-based...
 
D017131318
D017131318D017131318
D017131318
 
Security Issues in Next Generation IP and Migration Networks
Security Issues in Next Generation IP and Migration NetworksSecurity Issues in Next Generation IP and Migration Networks
Security Issues in Next Generation IP and Migration Networks
 
A43030104
A43030104A43030104
A43030104
 
D03601023026
D03601023026D03601023026
D03601023026
 
Elliptic Curve Cryptography Based Data Transmission against Blackhole Attack ...
Elliptic Curve Cryptography Based Data Transmission against Blackhole Attack ...Elliptic Curve Cryptography Based Data Transmission against Blackhole Attack ...
Elliptic Curve Cryptography Based Data Transmission against Blackhole Attack ...
 
“Reducing packet loss in manet”
“Reducing packet loss in manet”“Reducing packet loss in manet”
“Reducing packet loss in manet”
 
Effective Identification of Packet Droppers and Modifiers in Wireless Sensor ...
Effective Identification of Packet Droppers and Modifiers in Wireless Sensor ...Effective Identification of Packet Droppers and Modifiers in Wireless Sensor ...
Effective Identification of Packet Droppers and Modifiers in Wireless Sensor ...
 
A Novel IP Traceback Scheme for Spoofing Attack
A Novel IP Traceback Scheme for Spoofing AttackA Novel IP Traceback Scheme for Spoofing Attack
A Novel IP Traceback Scheme for Spoofing Attack
 

Recently uploaded

Introduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxIntroduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxupamatechverse
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxpranjaldaimarysona
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINESIVASHANKAR N
 
Current Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCLCurrent Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCLDeelipZope
 
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)Suman Mia
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130Suhani Kapoor
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024hassan khalil
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile servicerehmti665
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...RajaP95
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxwendy cai
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130Suhani Kapoor
 
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSSIVASHANKAR N
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escortsranjana rawat
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 

Recently uploaded (20)

Introduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxIntroduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptx
 
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptx
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
 
Current Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCLCurrent Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCL
 
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024
 
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINEDJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile service
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
 
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptx
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
 
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
 
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCRCall Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
 

AN EFFICIENT IP TRACEBACK THROUGH PACKET MARKING ALGORITHM

  • 1. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010 DOI : 10.5121/ijnsa.2010.2309 132 AN EFFICIENT IP TRACEBACK THROUGH PACKET MARKING ALGORITHM Y.Bhavani P.Niranjan Reddy Asst.Professor Asst. Professor and Head yerram.bh@gmail.com npolala@yahoo.co.in Department of Computer Science and Engineering Kakatiya Institute of Technology and Science Warangal, Andhra Pradesh, India – 506 015 ABSTRACT Denial-of-service (DoS) attacks pose an increasing threat to today’s Internet. One major difficulty to defend against Distributed Denial-of-service attack is that attackers often use fake, or spoofed IP addresses as the IP source address. Probabilistic packet marking algorithm (PPM), allows the victim to trace back the appropriate origin of spoofed IP source address to disguise the true origin. In this paper we propose a technique that efficiently encodes the packets than the Savage probabilistic packet marking algorithm and reconstruction of the attack graph. This enhances the reliability of the probabilistic packet marking algorithm. KEYWORDS Denial-of-service, Probabilistic Packet Marking Algorithm, Efficient Probabilistic Packet Marking algorithm, attack graph. 1. INTRODUCTION Defending against Denial-of service attacks is far from an exact or complete science. Rate limiting, packet filtering [4], [6], [7], and ICMP traceback [3], in some cases, help limit the impact of Denial-of-service attacks, but usually only at points where the Denial-of-service attack is consuming fewer resources than that are available. In many cases, the only defense is a reactive one, where the source or sources of an ongoing attack are identified and prevented from continuing the attack. One major difficulty is to defend against Distributed Denial-of-service attack is that attackers often use fake, or spoofed IP addresses as the IP source address. Therefore, attackers can easily disguise themselves as some other hosts on the Internet. Because of the stateless nature of the Internet, it is a difficult task to determine or trace the source of these attacker’s packets and there by locate the potential locations of these attackers. This is known as the IP traceback problem. Many IP traceback techniques [8], [10], [11], [12], [14] have been proposed, they all have short comings that limit their usability in practice. Some of them are Ingress filtering[5] requires edge routers to have sufficient processing power, to inspect the packet’s destination IP address for normal packet forwarding service. It also need to inspect the source address and determine whether it is a legitimate or illegitimate address. Another major problem with ingress filtering is that this technique is only effective if there is a widespread deployment in the networking community such that many ISPs are willing to deploy this service. Moreover, even with the enabling of ingress filtering service, attackers can still forge the source IP addresses as other hosts within their network domain. Alternative approach to DDoS traceback includes input debugging approach [18] which requires cooperation between system administrators of different
  • 2. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010 133 ISPs. Therefore, it may not be able to trace the attackers in realtime or in the midst of a DDoS attack. Other approaches such as controlled flooding [16], which either generates many additional packets to the network (which can be viewed as another form of DDoS attack), or network logging [11], which requires additional storage and computational overhead of the participating routers. All, the above approaches have performance problems and significant deployment difficulties. One promising solution, proposed by savage et al [9], is to let routers probabilistically mark packets with partial path information during packet forwarding. The victim then reconstructs the complete path after receiving a modest number of packets that contain the marking. This approach has a low overhead for routers and the network and supports incremental deployment. We call this type of approach as the IP marking approach. In this paper we propose a new scheme similar to the technique used by Savage. The difference is our technique significantly encodes all the edges needed by the victim to reconstruct the attack path. This paper is organized as follows. In section 2 we describe about PPM algorithm. Section 3 presents related work. Section 4 introduces the modified packet marking algorithm (EPPM) concrete encoding strategy and implemented with our new algorithm. Section 5 presents experimental results of our work. Finally section 6 describes conclusion and future scope of the work. 2. The Probabilistic Packet Marking Algorithm The probabilistic packet marking (PPM) algorithm was originally suggested by Burch and Cheswick [16] and was carefully designed and implemented by Savage et al. [9] to solve the IP traceback problem. It is a used to discover the Internet map or an attack graph during a distributed denial-of-service attack. The PPM algorithm consists of two procedures: The packet marking procedure and graph reconstruct procedure. In the packet marking procedure the packets randomly encode every edge of the attack graph and the graph reconstruction procedure obtains the constructed graph from this encoded information. Here the constructed graph should be the same as the attack graph. The constructed graph is the graph obtained by the PPM algorithm and attack graph is the set of paths the attack packets has been traversed. Figure 1. An attack graph containing attack path. A1 A2 A3 R6 R1 R4 R5R2 R3 V
  • 3. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010 134 The network can be viewed as a directed graph G = (V,E) where V is the set of nodes and E is the set of edges. V may be a single host under attack, or a network border device such as a firewall or intrusion detection system that represents many such hosts. Every potential attack origin Ai is a leaf in a tree rooted at V and every router Ri is an internal node along a path between some Ai and V. The attack path from Ai is the ordered list of routers between Ai and V that the attack packet has traversed, e.g. the dotted line in the figure 1 indicate the attack path: (R1, R2,R3). The distance of Ri from V on a path is the number of routers between Ri and V on the path, e.g. the distance of R1 to V in the path (R1,R2,R3) is 2. The attack graph is the graph composed of the attack path e.g., the attack graph in the example will be the graph containing the attack path (R1,R2,R3). And we refer to the packets used in DDOS attacks as attack packets. 2.1 Packet Marking Procedure To implement an IP traceback service previously they used to allocate enough space in an IP packet header so that one can use this space to record the traversed path of a packet. For example, each router, beside performing the normal packet forwarding and routing functions, records or appends its own ID in the pre-allocated space at the packet’s header. In this analogy when a victim receives a marked packet, victim can examine the packet’s header and obtain the complete traverse path information of the marked packet. However, one major problem about this simple approach is that the length of a traversed path (e.g., number of hops) of a packet is not fixed. Therefore, it is impossible to pre-allocate sufficient amount of space in the packet’s header in advance. Another technical difficulty of recording complete path information of each packet to the victim is that if an attacker can potentially manipulate this path information and fill in false router’s identification in the packet’s header it misleads the victim site. The packet marking algorithm proposed by Savage [9] instead of recording the complete path information of a packet, only records each edge traversed from the attacker to the victim site in a probabilistic fashion. The routers encode the information in three marking fields of an attack packet: (start, end, distance). The start and end fields store the IP addresses of the two routers at the end points of the marked edge. The distance field records the number of hops between the marked edge and the victim site. In the PPM a packet stores the information of an edge in the IP header. The pseudocode of the procedure [9] is given in Fig. 2 for reference. The router determines how the packet can be processed depending on the random number generated,. If x is smaller than the predefined marking probability pm, the router chooses to start encoding an edge. The router sets the start field of the incoming packet to the routers address and resets the distance field to zero. If x is greater than pm, the router chooses to end encoding an edge by setting the router’s address in the end field. Marking procedure at router R for each packet w let x be a random number from [0..1) if x < pm then write R into w.start and 0 into w.distance else if w.distance = 0 then write R into w.end increment w.distance Figure 2. packet marking algorithm.
  • 4. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010 135 2.2 Graph reconstruction procedure A victim V, upon receiving packets, first needs filtering of unmarked packets (since they don’t carry any information in the attack graph construction). The victim needs to execute the graph construction algorithm for all the collected marked packets and re-construct the attack graph. Figure 3 illustrates the attack graph construction algorithm. Attack Graph Construction Procedure at victim V let G be a tree with root being victim V ; let edges in G be tuples(start,end,distance); for (each received marked packet w) { if (w.distance==0) then insert edge (w.start,V ,0) into G ; else insert edge (w.start, w.end, w.distance) into G ; } remove any edge (x,y,d) with d ≠ distance from x to V in G ; extract path (Ri…Rj) by enumerating acyclic paths in G ; Figure 3. Attack Graph Construction algorithm. 3. Related Work In the packet marking procedure, even if a packet has already encoded an edge, successive routers may choose to start encoding another edge randomly. As a result, when a packet arrives at the victim, it may either encode any of the edges of the attack graph, or may not encode any edge. Figure 4 illustrates the set of marked and unmarked edges collected by the victim under a simple linear network topology. In this example, the victim could collect 4 types of packets. Figure 4. Example of packet marking procedure Source R1 R2 R3 Victim R3 --- 0 R1 R2 2 R2 R3 1 --- ---- --- - Start End d Marking field data
  • 5. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010 136 According to the probabilistic packet marking algorithm, each packet may mark or unmark an edge with some probability. Let Pm(d) denote that an edge is marked, and it is d hops away from the victim site. In general, we have Pm(d) = p(1-p)d d≥0 (1) In some cases the packet may not be encoded at all, this is the case when in every router x is less than Pm. Let Pu(d) be the probability that a victim V will not find an edge which is d hops away as a marked edge. We have Pu(d) = (1-p)d+1 d≥0 (2) In other words, all routers along the path to the victim decide not to mark the packet. So figure 4 shows the marked packets with marked edges (R1, R2), (R2, R3), and (R3, -). The victim V can also receive unmarked packets. This paper mainly presents the effective way of encoding the edges. In the Savage[9] algorithm when a packet arrives at a router R1, the router determines how the packet can be processed based on a random number x (line number 1 in the Figure 2). If x is smaller than the predefined marking probability Pm, the router chooses to start encoding an edge. The router sets the start field of the incoming packet to the router’s address and resets the distance field of that packet to zero. Then, the router R1 forwards the packet to the next router R2 as shown in the figure 5. Figure 5. Packet w received to R2. When the packet arrives at the router R2, the router R2 again chooses if it should start encoding another edge. For example, for this time, let us suppose the router chooses not to start encoding a new edge (it is the case when x is greater than Pm). Then, the router R2 will discover that the previous router R1 has started marking an edge, because the distance field of the packet is zero. Eventually, the router R2 sets the end field of the packet to the router’s address as shown in figure 6. Then this router R2 again forwards the encoded packet to the next router R3. Now at R3 if x is smaller than the predefined marking probability Pm again it will start encoding an edge but this shouldn’t happen. The process is shown in the figure 6. Figure 6. Packet w received to victim A good traceback scheme should provide accurate information about routers near the attack source rather than those near to the victim. This is the pivotal drawback in the savage [9] algorithm. To overcome this drawback we described a modified algorithm in the next section and named it as an efficient probabilistic packet marking (EPPM) algorithm. R2 R3 Victim R1 R2 1 R3 -- 0 Source R1 R2 -- -- -1 R1 -- 0
  • 6. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010 137 The graph reconstruction procedure is started as soon as the victim starts collecting marked packets. When a marked packet arrives at the victim, the procedure first checks if this packet encodes a new edge. If so the procedure accordingly updates the constructed graph G. From the above example we get some sample packets as shown in figure 7. Figure 7. Sample of packets Then we extract path by enumerating acyclic paths in G and construct the attack graph as shown in the figure 8. Figure 8. The attack graph 4. Proposed algorithm In our proposed algorithm, as shown in the figure 9 we use an extra field named as flag which takes either 0 or 1. The flag value at first is made 0 and if the end field is set then the flag is made 1. Now, the start field is encoded only when the flag is 0. If the flag is 1 it implies that the start and end fields together encoded an edge of the attack graph. The packet traverses from source to R1 to R2 and then to R3 as similar to in the previous section and assume that the encoding is also the same but after the packet received at R3. R3 cannot start encoding again since the flag value is 1. As the successive routers cannot start encoding that packet again, just they increment the distance field so that the victim can know the distance of the encoded edge from it. R2 R3 1 R1 R2 2 R3 -- 0 R2 R3 1 Source R1 R2 R3 Victim
  • 7. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010 138 Figure 9. Packet received from source to victim with the efficient encoding This modified algorithm is named as Efficient probabilistic packet marking algorithm and it is shown in figure 10. Marking procedure at router R for (each packet w received by the router) { generate a random number x between [0..1); if (x < pm and flag=0 ) then /* router starts marking. flag 0 implies that the packet is not encoded previously */ write router’s address into w.start and 0 into w.distance else { If ( w.distance = 0 ) then write router address into w.end and 1 into flag } /* flag 1 implies that the packet has encoded an edge and no other successive routers should start encoding */ If (flag = 1) then Increment w.distance by 1 /* w.distance represents the distance of the encoded edge from the victim V */ } } Figure 10. Efficient packet marking procedure 5. Experimentation and Result The result we get using the Savage algorithm is as shown in the figure 11. The (R1, R2) edge has been encoded, but R2 can again start encoding if x less than Pm. So in the result we get packets that are encoded with the edges nearer to the victim. In the above we mostly obtain the edge (R2, R3) which is nearer to the victim. If we have more number of routers then the effect of encoding the edges nearer to the victim can easily be observed. Source R1 R2 R3 Victim -- -- -1 0 R1 – 0 0 R1 R2 1 1 R1 R2 2 1
  • 8. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010 139 Figure 11. Result of the existing Savage packet marking algorithm Now let us see the result for the effective packet marking algorithm where the edge is encoded only once. From the fig 12 we observed that a part from the edges that are nearer to the victim, there are other edges mainly edges nearer to the source. As an edge once encoded cannot be over written. Figure 12. Result of proposed efficient packet marking algorithm.
  • 9. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010 140 The result after executing the graph reconstruction procedure is as follows: Figure 13. Graph reconstruction. 6. Conclusion and Future Work The imminent threats imposed by DoS attacks call for efficient and fast traceback schemes. Some of the desirable features of a good attack traceback scheme are providing accurate information about routers near the attack source rather than those near the victim. Avoiding the use of large amount of attack packets to construct the attack path or attack tree and low processing and storage overhead at intermediate routers. In this paper we propose a traceback scheme that enjoys the above features. Also, we try to eliminate the major problems of PPM [9]. PPM lacks many of the desirable features mentioned in the beginning. For example, routers that are far away from the victim have very low chance to pass their marking information to the victim because down stream routers overwrite this information, which leads to the loss of valuable marking information written by routers far away from the victim. Our modified probabilistic algorithm called Efficient Probabilistic Packet Marking algorithm (EPPM) overcome this problem. To conclude, our algorithm (EPPM) is an effective means of improving the reliability of original probabilistic packet marking algorithm. Our algorithm EPPM is a modified version of PPM algorithm. So EPPM inherits the defects of the PPM algorithm. Further widely distributed attacks and scalability etc will bear future research directions. References [1] ”CERT Advisory CA-2000-01: Denial-of-Service Developments,”Computer Emergency Response Team, http://www.cert.org/-advisories/-CA-2000-01.html, 2006.
  • 10. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010 141 [2] J. Ioannidis and S.M. Bellovin, “Implementing Pushback: Router-Based Defense against DDoS Attacks,” Proc. Network and Distributed System Security Symp., pp. 100-108, Feb. 2002. [3] S. Bellovin, M. Leech, and T. Taylor, ICMP Traceback Messages, Internet Draft -Bellovin- Itrace-04.txt, Feb. 2003. [4] K. Park and H. Lee, “On the Effectiveness of Route-Based Packet Filtering for Distributed DoS Attack Prevention in Power-Law Internets,” Proc. ACM SIGCOMM ’01, pp. 15-26, 2001. [5] P. Ferguson and D. Senie, “RFC 2267: Network Ingress Filtering: Defeating Denial of Service Attacks Which Employ IP Source Address Spoofing,” The Internet Soc., Jan. 1998. [6] D.K.Y. Yau, J.C.S. Lui, F. Liang, and Y. Yam, “Defending against Distributed Denial-of- Service Attacks with Max-Min Fair Server-Centric Router Throttles,” IEEE/ACM Trans. Networking, no. 1, [7] C.W. Tan, D.M. Chiu, J.C. Lui, and D.K.Y. Yau, “A DistributedThrottling Approach for Handling High-Bandwidth Aggregates,”IEEE Trans. Parallel and Distributed Systems, July 2007. [8] D. Dean, M. Franklin, and A. Stubblefield, “An Algebraic Approach to IP Traceback,” ACM Trans. Information and System Security, [9] S. Savage, D. Wetherall, A. Karlin, and T. Anderson, “Practical Network Support for IP Traceback,” Proc. ACM SIGCOMM ’00, [10] D.X. Song and A. Perrig, “Advanced and Authenticated Marking Schemes for IP Traceback,” Proc. IEEE INFOCOM ’01, Apr. 2001. [11] A.C. Snoeren, C. Partridge, L.A. Sanchez, C.E. Jones, F. Tchakountio,S.T. Kent, and W.T. Strayer, “Hash-Based IP Traceback,”Proc. ACM SIGCOMM ’01, Aug. 2001. [12] K. Park and H. Lee, “On the Effectiveness of Probabilistic Packet Marking for IP Traceback under Denial-of-Service Attacks,” Proc. IEEE INFOCOM ’01, 2001. [13] M. Adler, “Trade-Offs in Probabilistic Packet Marking for IP Traceback,” J. ACM, Mar. 2005. [14] V. Paxson, “End-to-End Routing Behavior in the Internet,” IEEE/ACM Trans. Networking Oct. 1997. [15] M. T. Goodrich, “Efficient Packet Marking for Large-Scale IP Traceback,” in Proc. of ACM CCS 2002, Nov. 2002. [16] H. Burch and B. Cheswick, “Tracing anonymous packets to their approximate source,” in Usenix LISA, 2000. [17] M. Adler, J.-Y. Cai, J. Shapiro, and D. Towsley, “Estimation of congestion price using probabilistic packet marking,” in IEEE INFOCOM, 2003. [18] R. Stone. Centertrack: An ip overlay network for tracking dos floods. In Proceedings of 9th USENIX Security Symposium,August 2000. [19] S. Lee and C. Shields, “Tracing the source of network attack: A technical, legal and societal problem,” in IEEE Workshop on Information Assurance and Security, 2001.tT._y_Ì v kuoµ k/lQ ?S_yeT $M_U _k/lqQ8Q 8yem7NPOiWTVN Plm7_?¶.M_-aNPM_. ¦ k_ku¶{¨: . [.Lʦ .ËT sz _..x.. _ .L._.LÌ [20] J. Li, M. Sung, J. J. Xu, and L. E. Li, “Large-scale ip traceback in high-speed internet: Practical techniques and theoretical foundation,” in IEEE SSP, 2004. [21] Tao peng, Christopher Leckie and Kotagiri Ramamohanarao. Adjusted probabilistic packet marking for IP traceback. In Proceedings of Networking 2002 Pisa, Italy, May 2002.
  • 11. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010 142 Y. Bhavani is a Post Graduate in M.C.A from Kakatiya University in 1997, and she is pursuing M.Tech (Software Engineering) in KITS, Warangal. She worked as a Lecturer in Alluri Institute of Management Sciences, Warangal till 2005. She is working in the department of M.C.A of KITS , Warangal as Assisstant Professor, since 2006. She delivered guest lectures at JNTU University, Narayanama Engineering college,Hyderabad, in the field of Network Security. P.Niranjan Reddy received the B.E Computer Science from Nagpur University in 1992 and M.Tech (Computer Science and Engineering) from NIT, Warangal in the year 2001.He worked as a Lecturer and Assistant Professor in the department of CSE of KITS, Warangal, Since 1996. He is doing a part-time research in Kakatiya University, Warangal since 2007. He authored two text books, Theory of computation and Computer Graphics in the field of Computer Science. He published 3 papers inInternational Journals and 6 papers in International Conferences. Presently he is HOD of CSE in KITS, Warangal. He is member of the ISTE and CSI.