Hybrid Single-Packet IP Traceback with Low Storage and High Accuracy
Traceback schemes have been proposed to trace the sources of attacks that usually hide by spoofing their IP addresses. Among these methods, schemes using packet logging can achieve single-packet traceback. But packet logging demands high storage on routers and therefore makes IP traceback impractica...
Saved in:
| Main Author: | |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Wiley
2014-01-01
|
| Series: | The Scientific World Journal |
| Online Access: | http://dx.doi.org/10.1155/2014/239280 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1832553292133040128 |
|---|---|
| author | Ming Hour Yang |
| author_facet | Ming Hour Yang |
| author_sort | Ming Hour Yang |
| collection | DOAJ |
| description | Traceback schemes have been proposed to trace the sources of attacks that usually hide by spoofing their IP addresses. Among these methods, schemes using packet logging can achieve single-packet traceback. But packet logging demands high storage on routers and therefore makes IP traceback impractical. For lower storage requirement, packet logging and packet marking are fused to make hybrid single-packet IP traceback. Despite such attempts, their storage still increases with packet numbers. That is why RIHT bounds its storage with path numbers to guarantee low storage. RIHT uses IP header’s ID and offset fields to mark packets, so it inevitably suffers from fragment and drop issues for its packet reassembly. Although the 16-bit hybrid IP traceback schemes, for example, MORE, can mitigate the fragment problem, their storage requirement grows up with packet numbers. To solve the storage and fragment problems in one shot, we propose a single-packet IP traceback scheme that only uses packets’ ID field for marking. Our major contributions are as follows: (1) our fragmented packets with tracing marks can be reassembled; (2) our storage is not affected by packet numbers; (3) it is the first hybrid single-packet IP traceback scheme to achieve zero false positive and zero false negative rates. |
| format | Article |
| id | doaj-art-ca68ce290976475e955c69230de9ee93 |
| institution | Kabale University |
| issn | 2356-6140 1537-744X |
| language | English |
| publishDate | 2014-01-01 |
| publisher | Wiley |
| record_format | Article |
| series | The Scientific World Journal |
| spelling | doaj-art-ca68ce290976475e955c69230de9ee932025-02-03T05:54:22ZengWileyThe Scientific World Journal2356-61401537-744X2014-01-01201410.1155/2014/239280239280Hybrid Single-Packet IP Traceback with Low Storage and High AccuracyMing Hour Yang0Department of Information and Computer Science, Chung Yuan Christian University, No. 200, Chung Pei Road, Chung Li City, Taoyuan County 32023, TaiwanTraceback schemes have been proposed to trace the sources of attacks that usually hide by spoofing their IP addresses. Among these methods, schemes using packet logging can achieve single-packet traceback. But packet logging demands high storage on routers and therefore makes IP traceback impractical. For lower storage requirement, packet logging and packet marking are fused to make hybrid single-packet IP traceback. Despite such attempts, their storage still increases with packet numbers. That is why RIHT bounds its storage with path numbers to guarantee low storage. RIHT uses IP header’s ID and offset fields to mark packets, so it inevitably suffers from fragment and drop issues for its packet reassembly. Although the 16-bit hybrid IP traceback schemes, for example, MORE, can mitigate the fragment problem, their storage requirement grows up with packet numbers. To solve the storage and fragment problems in one shot, we propose a single-packet IP traceback scheme that only uses packets’ ID field for marking. Our major contributions are as follows: (1) our fragmented packets with tracing marks can be reassembled; (2) our storage is not affected by packet numbers; (3) it is the first hybrid single-packet IP traceback scheme to achieve zero false positive and zero false negative rates.http://dx.doi.org/10.1155/2014/239280 |
| spellingShingle | Ming Hour Yang Hybrid Single-Packet IP Traceback with Low Storage and High Accuracy The Scientific World Journal |
| title | Hybrid Single-Packet IP Traceback with Low Storage and High Accuracy |
| title_full | Hybrid Single-Packet IP Traceback with Low Storage and High Accuracy |
| title_fullStr | Hybrid Single-Packet IP Traceback with Low Storage and High Accuracy |
| title_full_unstemmed | Hybrid Single-Packet IP Traceback with Low Storage and High Accuracy |
| title_short | Hybrid Single-Packet IP Traceback with Low Storage and High Accuracy |
| title_sort | hybrid single packet ip traceback with low storage and high accuracy |
| url | http://dx.doi.org/10.1155/2014/239280 |
| work_keys_str_mv | AT minghouryang hybridsinglepacketiptracebackwithlowstorageandhighaccuracy |