

Journal of Information Science and Engineering, Vol. 30 No. 6, pp. 1673-1694 (November 2014)

Single Packet ICMP Traceback Technique using Router Interface

Department of Computer Science and Engineering
Thiagarajar College of Engineering
Madurai, 625015 Tamilnadu, India
E-mail: {mviji; shalinie}

In the modern technological world, with increasing dependency on the Internet, security threats are on the rise. The Distributed Denial of Service (DDoS) attack is one of the biggest threats. Attackers tend to exhaust network resources while ingeniously hiding their identity, making the defense process extremely difficult. Many researchers have proposed various solutions to trace back the true origin of an attack. Among them, Internet Control Message Protocol (ICMP) traceback was considered an industry standard by the Internet Engineering Task Force (IETF). ICMP Traceback (ITrace) does not require any change to the existing infrastructure. However, it consumes considerable bandwidth and requires a large number of packets to trace back an attacker. This work proposes a Single Packet ICMP Traceback technique using Router Interface (SPITRI). It traces the origin of a flooding attack with a single ICMP packet. The bandwidth overhead incurred by SPITRI is several times lower than that of ITrace. SPITRI was simulated over the CAIDA Ark dataset. It can trace back the attackers with high accuracy, with zero false positives and zero false negatives. The efficacy of the proposed scheme is demonstrated by simulating it and comparing it with ITrace and the latest router interface based single packet traceback scheme.

Keywords: DDoS attack, IP spoofing, IP traceback, single packet, packet marking, ICMP traceback


Received December 24, 2013; revised March 21, 2014; accepted April 19, 2014.
Communicated by Ren-Hung Hwang.