Efficient AS DoS Traceback (Autonomous System) Mohammed Alenezi, Martin J Reed Computer Applications...


Outline

Background
Traceback (Related work)
DPM, PPM, DPPM
EAST
Performance
Conclusion

Background

The DoS problem has been divided into three parts:

1. Prevention
2. Detection
3. Mitigation

Traceback falls under Mitigation.

Traceback (Related work)

Many techniques have been proposed for traceback.

1. Link testing
2. ICMP (1/20,000)
3. Logging
4. Packet Marking

Deterministic Packet Marking (DPM)
Probabilistic Packet Marking (PPM)
Dynamic Probabilistic Packet Marking (DPPM)

Deterministic Packet Marking (DPM)

DPM marks every packet at the edge router. It uses 16 bits of the IP header and a 1-bit flag.

Probabilistic Packet Marking (PPM)

Marking probability: p = 1/25
IP header, 16 bits: 8 bits IP address, 8 bits distance
Routers: 64 bits fragmented into 8 x 8 bits, which the victim combines.

DPM VS PPM

Dynamic Probabilistic Packet Marking (DPPM)

Marking probability: p = 1/d
d is the traveling distance (from the packet's TTL).
The number of packets needed to reconstruct the path is reduced.
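An added example (not from the slides or the EAST paper) comparing the fixed PPM probability p = 1/25 with the distance-based DPPM probability p = 1/d: for each router on a path it computes the chance that its mark reaches the victim, and the expected number of packets the victim needs before it has seen every router. Assumptions: a constructed 10-hop path, one mark per router (the 8-fragment split is ignored), and the DPPM router at hop i marking with probability 1/i.

```python
from fractions import Fraction
from itertools import combinations

def arrival_probs(mark_probs):
    """mark_probs[i]: probability that router i (0 = nearest the attacker)
    overwrites the mark field. Returns, per router, the probability that a
    packet reaches the victim still carrying that router's mark."""
    out = []
    for i, p in enumerate(mark_probs):
        survive = Fraction(1)
        for q in mark_probs[i + 1:]:
            survive *= 1 - q          # no downstream router re-marked it
        out.append(p * survive)
    return out

def ppm(d, p=Fraction(1, 25)):
    """Fixed marking probability, p = 1/25 as on the PPM slide."""
    return arrival_probs([p] * d)

def dppm(d):
    """p = 1/d with d the distance travelled so far (assumed reading):
    the router at hop i marks with probability 1/i."""
    return arrival_probs([Fraction(1, i) for i in range(1, d + 1)])

def expected_packets(probs):
    """Expected packets until the victim holds a mark from every router
    (coupon collector with unequal odds, by inclusion-exclusion)."""
    total = Fraction(0)
    for k in range(1, len(probs) + 1):
        sign = 1 if k % 2 else -1
        for subset in combinations(probs, k):
            total += sign / sum(subset)
    return total

if __name__ == "__main__":
    d = 10  # constructed path length
    for name, probs in (("PPM", ppm(d)), ("DPPM", dppm(d))):
        print(name, "farthest router:", float(probs[0]),
              "expected packets:", round(float(expected_packets(probs)), 1))
```

With p = 1/i every router's mark arrives with the same probability 1/d, which is why fewer packets are needed than with a fixed p, where the routers nearest the attacker are the rarest.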

DPPM VS PPM

TTL drawbacks

1. The initial TTL value is system dependent and changes with the system in use.

2. An attacker can intentionally inject packets with different TTL values to confuse the technique.

EFFICIENT AS TRACEBACK (EAST)

AS (Autonomous System), ASBR, BGP

Aim:

1. Solve the TTL drawbacks.
2. Reduce the number of packets required for the traceback (reduce storage at the victim).

EAST

The 25 bits come from three different fields: type of service (TOS), identification (ID), and reservation flag (RF).

EAST

Marking probability: p = 1/(a-2)
a is the number of ASs from the attacker to the AS of the victim.
EAST performs traceback at the AS level; a can be known in advance.
This solves the TTL problem.

32-bit hash to 22 bits

EAST algorithm

Performance and Analysis


Conclusion

There are many ways to perform DoS traceback. EAST may be better than PPM and DPPM.
