180 likes | 370 Views
Outline. Background Traceback (Related work) DPM,PPM,DPPM EAST Performance Conclusion. Background. DoS problem has been divided into three. Prevention Detection Mitigation Traceback which is under Mitigation. Traceback (Related work).
E N D
Outline • Background • Traceback(Related work) • DPM,PPM,DPPM • EAST • Performance • Conclusion
Background • DoS problem has been divided into three. • Prevention • Detection • Mitigation • Traceback which is under Mitigation.
Traceback(Related work) • There are many techniques have been proposed to traceback. • Link testing.
Traceback(Related work) • There are many techniques have been proposed to traceback. • Link testing. • ICMP 1/20,000
Traceback(Related work) • There are many techniques have been proposed to traceback. • Link testing. • ICMP • Logging • Packet Marking • Deterministic Packet Marking(DPM) • Probabilistic Packet Marking(PPM) • Dynamic Probabilistic Packet Marking(DPPM) Storage Storage Storage Storage Storage Storage
Deterministic Packet Marking(DPM) • DPM marks every packet at the edge router. • Use 16 bits IP Header and 1 bit Flag.
Probabilistic Packet Marking(PPM) • Probability,p=1/25 • IP header 16bits=> 8bits IP address, 8bits distance • Routers 64Bits fragmentation to 8 x 8bitsand victim combine. DPM VS PPM
Dynamic Probabilistic Packet Marking(DPPM) • Probability,p=1/d • d is the traveling distance(by packet’s TTL) • Packets to reconstruct the path are reduced. DPPM VS PPM
TTL drawbacks • 1. Initial TTL value is system dependent and would be changing based on the used system. • 2. Attacker can intentionally inject packets with different TTL to confuse the technique.
EFFICIENT AS TRACEBACK (EAST) • AS(Autonomous System),ASBR,BGP • AIM: • Solve TTL drawbacks. • Reducing the required number of packets in the traceback. (Reduce storage at the victim)
EAST • The 25 bits comes from three different fields, namely Type of service (TOS), identification(ID), and reservation flag (RF).
EAST • Probability,p=1/(a-2) • ais ASs from attacker to the AS of the victim. • performs traceback at the AS level,acan be known in advance. • Solve TTL problem 32bits hash to 22bits
Conclusion • DoS Traceback has many way. • EAST maybe is better than PPM,DPPM.
REFERENCES • [1] Ping-Hsien Yu, An Application of Proportional Probabilistic Packet Marking Trace in the DDoS Overlay Defense System, Department of Computer Science & Information Engineering 2011 • [2]彭士浩, 張晉銘, 卓信宏, 林宜隆, 趙涵捷, "基於機率的封包標記選擇策略改善IP回溯效能," 第十六屆臺灣網際網路研討會 (TANET 2011), Ilan, Taiwan, October 24-26, 2011.