An efficient distributed algorithm to identify and traceback DDoS traffic

Computer Journal

Volumn 49, Issue 4, 2006, Pages 418-442

  Wong, T Y ^a   Law, K T ^a   Lui, John C S ^a   Wong, M H ^a  

^a CHINESE UNIVERSITY OF HONG KONG   (Hong Kong)

Author keywords

Distributed algorithm; Programmable routers; Security and protection

Indexed keywords

ALGORITHMS; COMPUTER SIMULATION; DISTRIBUTED COMPUTER SYSTEMS; INTERNET; NETWORK PROTOCOLS; PACKET NETWORKS; ROUTERS; STATISTICS;

DENIAL-OF-SERVICE ATTACK; DISTRIBUTED ALGORTIHM; DISTRIBUTED TRACEBACK; PROGRAMMABLE ROUTERS;

SECURITY OF DATA;

EID: 33745684710     PISSN: 00104620     EISSN: 14602067     Source Type: Journal    
DOI: 10.1093/comjnl/bxl026     Document Type: Article

References (42)

1. CERT Coordinate Center (2000) CERT Advisory CA-2000-01: denial-of-service developments. Available at http://www.cert.org/ advisories/CA-2000-01.html.
2. Taylor, D. E., Lockwood, J. W., Sproull, T. S., Turner, J. S. and Parlour, D. B. (2002) Scalable IP lookup for programmable routers. In Proc. IEEE Infocom., New York, June 23-27, pp. 526-571. IEEE, Washington, DC.
3. Peterson, L. L., Karlin, S. and Li, K. (1999) OS support for general-purpose routers. In Proc. Workshop on Hot Topics in Operating Systems, Rio Rico, AZ, March 29-30, pp. 38-43. IEEE, Washington, DC.
4. Qie, X., Bavier, A., Peterson, L. and Karlin, S. (2001) Scheduling computations on a software-based router. In Proc. ACM SIGMETRICS, Cambridge, MA, June 16-20, pp. 13-24. ACM Press, New York, NY.
5. Yau, D. K. Y. and Chen, X. (2001) Resource management in software-programmable router operating systems. IEEE J. Sel. Area. Commun., 19, 488-500.
6. Chandy, K. M. and Lamport, L. (1985) Distributed snapshots: Determining global states of distributed systems. ACM Trans. Comput. Syst., 3, 63-75.
7. Internet Mapping Project (1999) Available at http://research.lumeta.com/ ches/map/index.html.
8. Bellovin, S. M.(ed.) (2000) ICMP Traceback Messages, Internet Draft: draft-bellovin-itrace-00.txt.
9. Cooperative Association for Internet Data Analysis. (1997) Available at http://www.caida.org/.
10. Savage, S., Wetherall, D., Karlin, A. and Anderson, T. (2000) Practical network support for IP traceback. In Proc. 2000 ACM SIGCOMM Conf., Stockholm, Sweden, August 28-September 1, pp. 295-306. ACM Press, New York, NY.
11. Song, D. X. and Perrig, A. (2001) Advanced and authenticated marking schemes for IP traceback. In Proc. IEEE INFOCOM '01, Anchorage, AK, April 22-26, pp. 878-886. IEEE, Washington, DC.
12. Wu, S. F., Zhang, L., Massey, D. and Mankin, A. (2001) Intention-Driven ICMP Trace-Back, Internet Draft: Draft-wuitrace- intention-00.txt.
13. Mankin, A., Massey, D., Wu, C.-L., Wu, S. F. and Zhang, L. (2001) On design and evaluation of intention-driven ICMP traceback. In Proc. IEEE Int. Conf. Computer Communications and Networks, Scottsdale, AZ, October 15-17, pp. 159-165. IEEE, Washington, DC.
14. Barry, D. (2004) Proactive protection: New techniques and best practices help service providers counter increase in cyber attacks. Packet: Cisco Systems Users Magazine, 16, 64-68.
15. Chan, B. C., Lau, J. C. and Lui, J. C. (2005) OPERA: An opensource extensible router architecture for adding new network services and protocols. J. Syst. Softw., 78, 24-36.
16. The netfiler/iptables projects. (2000) Available at: http://www.netfilter. org.
17. Harris, J. and Melara, A. J. (2002) Performance analysis of the Linux Firewall in a host. CiNIC - Calpoly intelligent NIC Project. Available at http://www.ee.calpoly.edu/3comproject/.
18. Mahajan, R., Bellovin, S. M., Floyd, S., Ioannidis, J., Paxson, V. and Shenker, S. (2002) Controlling high bandwidth aggregates in the network. ACM SIGCOMM Comput. Commun. Rev., 32, 62-73.
19. Zou, C. C., Gong, W. and Towsley, D. (2002) Code red worm propagation modeling and analysis. In Proc. 9th ACM Conf. Computer and Communications Security, Washington, DC, USA, November 18-22, pp. 138-147. ACM Press, New York, NY.
20. Paxson, V. (2001) An analysis of using reflectors for distributed denial-of-service attacks. ACM SIGCOMM Comput. Commun. Rev., 31, 38-47.
21. Moore, D., Paxson, V., Savage, S., Shannon, C., Staniford, S. and Weaver, N. (2003) Inside the Slammer Worm. IEEE Secur. Privacy, 1, 33-39.
22. Kuzmanovic, A. and Knightly, E. W. (2003) Low-rate TCP-targeted denial of service attacks: The shrew vs. the mice and elephants. In Proc. ACM SIGCOMM 2003, Karlsruhe, Germany, August 25-29, pp. 75-86. ACM Press, New York, NY.
23. Shevtekar, A., Anantharam, K. and Ansari, N. (2005) Low rate TCP denial-of-service attack detection at edge routers. IEEE Commun. Lett., 9, 262-265.
24. Sun, H., Lui, J. C. S. and Yau, D. K. Y. (2004) Defending against low-rate TCP attack: Dynamic detection and protection. In Proc. IEEE Int. Conf. Network Protocols (ICNP), Berlin, Germany, October 5-8, pp. 196-205. IEEE, Washington, DC.
25. Bellowin, S. M. (1989) Security problems in the TCP/IP protocol suite. ACM Comput. Commun. Rev., 19, 32-48.
26. Ferguson, P. and Senie, D. (1998) RFC 2267: Network ingress filtering: defeating denial of service attacks which employ IP source address spoofing. Network Working Group, Request for Comments: 2267. Available at http://www.faqs.org/rfcs/rfc2267.html.
27. Park, K. and Lee, H. (2001) On the effectiveness of route-based packet filtering for distributed DoS Attack prevention in power-law internets. In Proc. SIGCOMM, San Diego, CA, August 27-31, pp. 15-26. ACM Press, New York, NY.
28. Global Incident Analysis Center Egress Filtering v 0.2 2000 Available at http://www.sans.org/y2k/egress.htm.
29. Yau, D. K. Y., Lui, J. C. S., Liang, F. and Yeung, Y. (2005) Defending against distributed denial-of-service attacks with max-min fair server-centric router throttles. IEEE/ACM Trans. Netw., 13, 29-42.
30. Snoeren, A. C., Partridge, C., Sanchez, L. A., Jones, C. E., Tchakountio, F., Kent, S. T. and Strayer, W. T. (2001) Hashbased IP traceback. In Proc. ACM SIGCOMM 2001 Conf. Applications, Technologies, Architectures, and Protocols for Computer Communication. San Diego, CA, August 27-31, pp. 3-14. ACM Press, New York, NY.
31. Park, K. and Lee, H. (2001) On the effectiveness of probabilistic packet marking for IP traceback under denial of service attack. In Proc. IEEE INFOCOM '01, Anchorage, AK, April 22-26, pp. 338-347. IEEE, Washington, DC.
32. Dean, D., Franklin, M. and Stubblefield, A. (2001) An algebraic approach to IP traceback. In Proc. Network and Distributed System Security Symp., NDSS '01, San Diego, CA, February 7-9, pp. 3-12. Internet Society, ISOC, Reston, VA.
33. Chen, S. and Song, Q. (2005) Perimeter-based defense against high bandwidth DDoS attacks. IEEE Trans. Paral. Distrib. Syst., 16, 526-537.
34. Xu, J. and Lee, W. (2003) Sustaining availability of web services under distributed denial of service attacks. IEEE Trans. Comput., 52, 195-208.
35. Law, K. T., Lui, J. C. S. and Yau, D. K. Y. (2005) You can run, but you can't hide: An effective methodology to traceback DDoS attackers. IEEE Trans. Paral. Distrib. Syst., 15, 799-813.
36. Adler, M. (2005) Trade-offs in probabilistic packet marking for IP traceback. J. ACM, 52, 217-244.
37. Sung, M. and Xu, J. (2003) IP traceback-based intelligent packet filtering: A novel technique for defending against internet DDoS attacks. IEEE Trans. Paral. Distrib. Syst., 14, 861-872.
38. Belenky, A. and Ansari, N. (2003) IP traceback with deterministic packet marking. IEEE Commun. Lett., 7, 162-164.
39. Belenky, A. and Ansari, N. (2003) On IP traceback. IEEE Commun. Mag., 41, 142-153.
40. Gao, Z. and Ansari, N. (2005) Tracing cyber attacks from the practical perspective. IEEE Commun. Mag., 43, 123-131.
41. Alves-Foss, J. (2000) An effcient secure authenticated group key exchange algorithm for large and dynamic groups. In Proc. 23rd National Information Systems Security Conf., October.
42. Rabbat, M., Nowak, R. and Coates, M. (2004) Multiple source, multiple destination network tomography. In Proc. IEEE Infocom 2004. Hong Kong, China, March 7-11, pp. 1628-1639. IEEE, Washington, DC.