Outline • Background • Traceback (Related work) • DPM, PPM, DPPM • EAST • Performance • Conclusion
Background • The DoS problem has been divided into three areas: • Prevention • Detection • Mitigation • Traceback falls under Mitigation.
Traceback (Related work) • Many techniques have been proposed for traceback. • Link testing • ICMP (1/20,000) • Logging • Packet Marking • Deterministic Packet Marking (DPM) • Probabilistic Packet Marking (PPM) • Dynamic Probabilistic Packet Marking (DPPM)
Deterministic Packet Marking (DPM) • DPM marks every packet at the edge router. • Uses 16 bits of the IP header and a 1-bit flag.
Probabilistic Packet Marking (PPM) • Probability, p = 1/25 • 16 bits of the IP header => 8 bits of IP address, 8 bits of distance • Routers fragment 64 bits into 8 x 8-bit pieces and the victim combines them. • DPM vs. PPM
Dynamic Probabilistic Packet Marking (DPPM) • Probability, p = 1/d • d is the traveling distance (derived from the packet's TTL) • The number of packets needed to reconstruct the path is reduced. • DPPM vs. PPM
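Why p = 1/d needs fewer packets than a fixed p = 1/25, as an added example (not part of the original slides). It assumes a simplified node-sampling model in which each router writes one whole mark and a later marking router overwrites an earlier mark; the path length of 10 hops and all function names are constructed for illustration.

```python
from fractions import Fraction
from itertools import combinations

def survival_probs(mark_probs):
    """mark_probs[i] is the marking probability of the i-th router counted
    from the attacker. Returns, per router, the probability that a packet
    reaches the victim still carrying that router's mark, i.e. the router
    marked it and no later router overwrote the mark."""
    probs = []
    for i, p in enumerate(mark_probs):
        keep = Fraction(1)
        for q in mark_probs[i + 1:]:
            keep *= 1 - q
        probs.append(p * keep)
    return probs

def expected_packets(arrival_probs):
    """Expected number of packets until the victim has seen every router's
    mark at least once. Inclusion-exclusion over router subsets; packets
    that arrive unmarked are accounted for."""
    total = Fraction(0)
    for k in range(1, len(arrival_probs) + 1):
        sign = 1 if k % 2 else -1
        for subset in combinations(arrival_probs, k):
            total += sign / sum(subset)
    return total

def ppm(d, p=Fraction(1, 25)):
    # PPM: every router marks with the same fixed probability p.
    return [p] * d

def dppm(d):
    # DPPM: a router that is i hops from the source marks with p = 1/i.
    return [Fraction(1, i) for i in range(1, d + 1)]

if __name__ == "__main__":
    d = 10  # constructed path length
    for name, scheme in (("PPM", ppm(d)), ("DPPM", dppm(d))):
        s = survival_probs(scheme)
        print(name, "farthest router mark arrives with p =", float(s[0]),
              "expected packets =", round(float(expected_packets(s)), 1))
```

Under DPPM every router's mark reaches the victim with the same probability 1/d, while under fixed-p PPM the routers nearest the attacker are the least likely to be seen, which is what drives the packet count up.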
TTL drawbacks • 1. The initial TTL value is system dependent and changes with the system in use. • 2. An attacker can intentionally inject packets with different TTL values to confuse the technique.
Efficient AS Traceback (EAST) • AS (Autonomous System), ASBR, BGP • Aim: • Solve the TTL drawbacks. • Reduce the number of packets required for the traceback. (Reduces storage at the victim.)
EAST • The 25 bits come from three different fields, namely type of service (TOS), identification (ID), and reservation flag (RF).
EAST • Probability, p = 1/(a-2) • a is the number of ASs from the attacker to the AS of the victim. • Performs traceback at the AS level; a can be known in advance. • Solves the TTL problem. • 32 bits hashed to 22 bits
Conclusion • There are many ways to do DoS traceback. • EAST may be better than PPM and DPPM.