• Corpus ID: 13111541

A Novel Protocol for IP Traceback to Detect DDoS Attack

  title={A Novel Protocol for IP Traceback to Detect DDoS Attack},
  author={Yogesh Kumar Meena and Aditya Trivedi},
Distributed Denial of Service (DDoS) attacks continue to pose higher threats to the internet. [] Key Method The novel protocol is designed by using response 1, Nonce of secure- neighbor as the parameters. We developed a sample network model. We simulate the network model by applying secure-neighbor protocol in Qualnet. Through secureneighbor, we retrieve the basic parameter value (Response 1, Nonce) and apply the decryption function on Nonce and value of neighbor-timeout to find the attackers IP address. We…

Figures and Tables from this paper

The Innocent Perpetrators: Reflectors and Reflection Attacks

It is shown how reflection attacks are a potential threat to the cloud which is one of the most popular and highly evolving arenas in the Internet.



On the (in)Effectiveness of Probabilistic Marking for IP Traceback Under DDoS Attacks

It is shown that random marking is sufficient to impede the victim from tracing the attackers, and a simple enhancement based on IP path length distribution makes it harder for the victim.

Advanced and authenticated marking schemes for IP traceback

  • D. SongA. Perrig
  • Computer Science
    Proceedings IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No.01CH37213)
  • 2001
Two new schemes are presented, the advanced marking scheme and the authenticated marking scheme, which allow the victim to trace-back the approximate origin of spoofed IP packets and provide efficient authentication of routers' markings such that even a compromised router cannot forge or tamper markings from other uncompromised routers.

Non-intrusive IP traceback for DDoS attacks

A Non-Intrusive IP traceback scheme which uses sampled traffic under non-attack conditions to build and maintains caches of the valid source addresses transiting network routers, allowing for a fast traceback and the scheme is scalable due to the distribution of processing workload.

FIT: fast Internet traceback

  • A. YaarA. PerrigD. Song
  • Computer Science
    Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies.
  • 2005
This work proposes fast Internet traceback (FIT), a new packet marking approach that significantly improves IP traceback in several dimensions and represents a step forward in performance and deployability.

Space-time encoding scheme for DDoS attack traceback

This work presents a novel scheme, called the space-time encoding (STE) scheme, that requires very few bits to be marked on an IP packet, by every router along the attack path deterministically, and in the ideal case would require only 7 packets for successful traceback.

DDPM: Dynamic Deterministic Packet Marking for IP Traceback

The proposed marking procedure increases the possibility of DRDoS attack detection at the victim through Mark-based detection, and takes into account the marks of the packets to identify varying sources of a single site involved in a DDoS attack.

Adjusted Probabilistic Packet Marking for IP Traceback

This paper presents a packet marking algorithm which allows the victim to traceback the approximate origin of spoofed IP packets, and develops three techniques to adjust the packet marking probability, which significantly reduces the number of packets needed by the Victim to reconstruct the attack path.

An Efficient Probabilistic Packet Marking Scheme for IP Traceback

A new scheme, called Distributed Link-List Traceback, which combines the good features of probabilistic packet marking and Hash-based traceback is proposed, which requires small number of packets, adjustable amount of memory and offers high attack source detection percentage.

Tracing Attackers with Deterministic Edge Router Marking (DERM)

A novel approach to IP Traceback – Deterministic Edge Router Marking (DERM) that is scalable to thousands of attackers, is very simple to implement at the routers, has no bandwidth overhead and needs minimal processing and storage requirements at the victim.

GOSSIB vs. IP traceback rumors

  • M. Waldvogel
  • Computer Science
    18th Annual Computer Security Applications Conference, 2002. Proceedings.
  • 2002
This work analyzes the effects of an attacker using GOSSIB against CEFS and shows that the attacker can seed misinformation much more efficiently than the network is able to contribute real traceback information, rendering PPM effectively useless.