{"title":"FIT: fast Internet traceback","authors":"Abraham Yaar, A. Perrig, D. Song","doi":"10.1109/INFCOM.2005.1498364","DOIUrl":null,"url":null,"abstract":"Traceback mechanisms are a critical part of the defense against IP spoofing and DoS attacks, as well as being of forensic value to law enforcement. Currently proposed IP traceback mechanisms are inadequate to address the traceback problem for the following reasons: they require DDoS victims to gather thousands of packets to reconstruct a single attack path; they do not scale to large scale distributed DoS attacks; and they do not support incremental deployment. We propose fast Internet traceback (FIT), a new packet marking approach that significantly improves IP traceback in several dimensions: (1) victims can identify attack paths with high probability after receiving only tens of packets, a reduction of 1-3 orders of magnitude compared to previous packet marking schemes; (2) FIT performs well even in the presence of legacy routers, allowing every FIT-enabled router in path to be identified; and (3) FIT scales to large distributed attacks with thousands of attackers. Compared with previous packet marking schemes, FIT represents a step forward in performance and deployability.","PeriodicalId":20482,"journal":{"name":"Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies.","volume":"88 1","pages":"1395-1406 vol. 2"},"PeriodicalIF":0.0000,"publicationDate":"2005-03-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"254","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/INFCOM.2005.1498364","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 254
Abstract
Traceback mechanisms are a critical part of the defense against IP spoofing and DoS attacks, as well as being of forensic value to law enforcement. Currently proposed IP traceback mechanisms are inadequate to address the traceback problem for the following reasons: they require DDoS victims to gather thousands of packets to reconstruct a single attack path; they do not scale to large scale distributed DoS attacks; and they do not support incremental deployment. We propose fast Internet traceback (FIT), a new packet marking approach that significantly improves IP traceback in several dimensions: (1) victims can identify attack paths with high probability after receiving only tens of packets, a reduction of 1-3 orders of magnitude compared to previous packet marking schemes; (2) FIT performs well even in the presence of legacy routers, allowing every FIT-enabled router in path to be identified; and (3) FIT scales to large distributed attacks with thousands of attackers. Compared with previous packet marking schemes, FIT represents a step forward in performance and deployability.
回溯机制是防御IP欺骗和DoS攻击的关键部分,同时对执法具有法医价值。目前提出的IP溯源机制不足以解决溯源问题,原因如下:它们需要DDoS受害者收集数千个数据包来重建单个攻击路径;它们不能扩展到大规模分布式DoS攻击;而且它们不支持增量部署。本文提出了一种新的数据包标记方法fast Internet traceback (FIT),该方法在几个维度上显著提高了IP溯源能力:(1)受害者在接收数十个数据包后就可以高概率地识别出攻击路径,与以前的数据包标记方案相比降低了1-3个数量级;(2)即使在存在传统路由器的情况下,FIT也表现良好,允许识别路径中每个启用FIT的路由器;(3) FIT可扩展到具有数千攻击者的大型分布式攻击。与以前的数据包标记方案相比,FIT在性能和可部署性方面都取得了进步。
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
