Outline

Background Traceback(Related work) DPM,PPM,DPPM EAST Performance Conclusion

2

Background

DoS problem has been divided into three.1. Prevention2. Detection3. Mitigation

Traceback which is under Mitigation.

3

Traceback(Related work)

There are many techniques have been proposed to traceback.

1. Link testing.

4

Traceback(Related work)

There are many techniques have been proposed to traceback.

1. Link testing.2. ICMP

1/20,000

5

Traceback(Related work)

There are many techniques have been proposed to traceback.

1. Link testing.2. ICMP3. Logging4. Packet Marking

Deterministic Packet Marking(DPM) Probabilistic Packet Marking(PPM) Dynamic Probabilistic Packet Marking(DPPM)

Storage

StorageStorageStorage

Storage Storage

6

Deterministic Packet Marking(DPM)

DPM marks every packet at the edge router. Use 16 bits IP Header and 1 bit Flag.

7

Probabilistic Packet Marking(PPM)

Probability,p=1/25 IP header 16bits=> 8bits IP address, 8bits distance Routers 64Bits fragmentation to 8 x 8bits

and victim combine.

8DPM VS PPM

Dynamic Probabilistic Packet Marking(DPPM)

Probability,p=1/d d is the traveling distance(by packet’s TTL) Packets to reconstruct the path are reduced.

9DPPM VS PPM

TTL drawbacks

1. Initial TTL value is system dependent and would be changing based on the used system.

2. Attacker can intentionally inject packets with different TTL to confuse the technique.

10

EFFICIENT AS TRACEBACK (EAST)

AS(Autonomous System),ASBR,BGP AIM:

1. Solve TTL drawbacks.2. Reducing the required number of packets in the

traceback. (Reduce storage at the victim)

11

EAST

The 25 bits comes from three different fields, namely Type of service (TOS), identification(ID), and reservation flag (RF).

12

EAST Probability,p=1/(a-2) a is ASs from attacker to the AS of the victim. performs traceback at the AS level,a can be known in advance. Solve TTL problem

13

32bits hash to 22bits

EAST algorithm

14

Performance and Analysis

15

Performance and Analysis

16

Conclusion

DoS Traceback has many way. EAST maybe is better than PPM,DPPM.

17

REFERENCES

[1] Ping-Hsien Yu, An Application of Proportional Probabilistic Packet Marking Trace in the DDoS Overlay Defense System, Department of Computer Science & Information Engineering 2011

[2] 彭士浩 , 張晉銘 , 卓信宏 , 林宜隆 , 趙涵捷 , " 基於機率的封包標記選擇策略改善 IP 回溯效能 ," 第十六屆臺灣網際網路研討會 (TANET 2011), Ilan, Taiwan,   October 24-26, 2011.

18

THANK YOU.

19