27-06-2012, 12:18 PM
Traceback of DoS Attacks By Assigning Timeslots
Abstract
Denial-of-Service (DoS) attacks are a critical threat to the Internet. However, the memoryless feature of the Internet routing mechanisms makes it extremely hard to trace back to the source of these attacks. As a result, there is no effective and efficient method to deal with this issue so far. In this paper, we propose a novel traceback method for DoS attacks that is based on entropy variations between normal and DoS attack traffic, which is fundamentally different from commonly used packet marking techniques.
INTRODUCTION
It is an extraordinary challenge to trace back the source of Denial-of-Service (DoS) attacks on the Internet. In DoS attacks, attackers generate a huge number of requests to victims, with the aim of denying normal service or degrading the quality of service. DoS has been a major threat to the Internet since the year 2000, and a recent survey of the largest 70 Internet operators in the world demonstrated that DoS attacks are increasing dramatically, and that individual attacks are stronger and more sophisticated. Furthermore, the survey also found that the peak of 40 gigabit DoS attacks nearly doubled in 2008 compared with the previous year.
RELATED WORK
It is obvious that hunting down the attackers, and further to the hackers, is essential in solving the DoS attack challenge. A summary of the existing DoS traceback methods can be found in and . In general, the traceback strategies are based on packet marking. Packet marking methods include probabilistic packet marking (PPM) and deterministic packet marking (DPM). The PPM mechanism marks packets, with some probability, with the local router's IP address information, so that the victim can reconstruct the paths that the attack packets went through. The PPM method is vulnerable to attackers, as pointed out in , because attackers can send spoofed marking information to mislead the victim.
ALGORITHMS FOR THE IP TRACEBACK MODEL
In this section, we design the related algorithms according to our previous modeling and analysis. There are two algorithms in the proposed traceback suite: the local flow monitoring algorithm and the IP traceback algorithm. The local flow monitoring algorithm runs during non-attack periods, accumulating information from normal network flows and updating the mean and the standard variation of flows. This updating is suspended while a DoS attack is ongoing. Once a DoS attack has been confirmed by any of the existing DoS detection algorithms, the victim starts the IP traceback algorithm, which is The IP traceback algorithm is installed at routers.
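A sketch of the local flow monitoring step described above, as an added example that is not code from the paper: it computes the Shannon entropy of the flows seen in each time slot and keeps a running mean and standard deviation that is frozen while an attack is ongoing. The flow key (upstream router, destination), the Welford update, and the sample slots are assumptions made for illustration.

```python
import math
from collections import Counter

def flow_entropy(packets):
    """Shannon entropy (bits) of the flow distribution in one time slot."""
    counts = Counter(packets)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

class LocalFlowMonitor:
    """Running baseline of per-slot flow entropy (Welford update, an assumption)."""
    def __init__(self):
        self.n, self.mean, self.m2 = 0, 0.0, 0.0

    @property
    def std(self):
        return math.sqrt(self.m2 / (self.n - 1)) if self.n > 1 else 0.0

    def observe(self, packets, attack_ongoing=False):
        h = flow_entropy(packets)
        if not attack_ongoing:          # baseline is frozen during an attack
            self.n += 1
            delta = h - self.mean
            self.mean += delta / self.n
            self.m2 += delta * (h - self.mean)
        return h

    def deviation(self, h):
        """Distance of a slot's entropy from the baseline, in standard deviations."""
        return (h - self.mean) / self.std if self.std > 0 else 0.0

# Constructed sample data: a flow is keyed by (upstream router, destination).
FLOWS = [("R1", "10.0.0.5"), ("R2", "10.0.0.6"), ("R3", "10.0.0.7"), ("R4", "10.0.0.8")]

def make_slot(counts):
    return [flow for flow, c in zip(FLOWS, counts) for _ in range(c)]

NORMAL_SLOTS = [make_slot(c) for c in ([10, 10, 10, 10], [12, 9, 10, 9], [9, 11, 10, 10],
                                       [10, 8, 11, 11], [11, 10, 9, 10], [10, 10, 12, 8])]
ATTACK_SLOT = make_slot([400, 10, 9, 11])   # one flow dominates the slot

def run_demo():
    monitor = LocalFlowMonitor()
    for slot in NORMAL_SLOTS:
        monitor.observe(slot)
    h_attack = monitor.observe(ATTACK_SLOT, attack_ongoing=True)
    return monitor, h_attack

if __name__ == "__main__":
    monitor, h_attack = run_demo()
    print(f"baseline mean={monitor.mean:.3f} std={monitor.std:.4f} slots={monitor.n}")
    print(f"attack slot entropy={h_attack:.3f} deviation={monitor.deviation(h_attack):.1f} sigma")
```

Because the attack slot is observed with `attack_ongoing=True`, its low entropy does not contaminate the baseline that later comparisons rely on.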
SUMMARY AND FUTURE WORK
In this paper, we proposed an effective and efficient IP traceback scheme against DDoS attacks based on entropy variations by assigning timeslots. It is a fundamentally different traceback mechanism from the currently adopted packet marking strategies. Much of the available work on IP traceback depends on packet marking, either probabilistic packet marking or deterministic packet marking. Because of the vulnerability of the Internet, the packet marking mechanism suffers from a number of serious drawbacks.