Performance of IP address fragmentation strategies for DDoS traceback

I. Hamadeh, G. Kesidis

Research output: Chapter in Book/Report/Conference proceedingConference contribution

13 Scopus citations

Abstract

Distributed denial-of-service (DDoS) attacks are among the most difficult and damaging security problems that the Internet currently faces. The component problems for an end-system that is the victim of a DDoS attack are: determining which incoming packets are part of the attack (intrusion detection); tracing back to find the origins of the attack (i.e., "traceback"); taking action to mitigate or stop the attack at the source by configuring firewalls or taking some kind of punitive measures. The preferable solution to these problems operates in real time so that a DDoS attack can be mitigated before the victim is seriously harmed. The paper focuses on the technique of packet marking/overloading for automated DDoS traceback which is a complex problem simply because attackers can use spoof source IP addresses in their attacking packets. A new packet marking strategy is proposed and is shown to yield better results in terms of complexity and performance.

Original languageEnglish (US)
Title of host publicationProceedings of the 3rd IEEE Workshop on IP Operations and Management, IPOM 2003
EditorsDeep Medhi
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages1-7
Number of pages7
ISBN (Electronic)0780381998, 9780780381995
DOIs
StatePublished - 2003
Event3rd IEEE Workshop on IP Operations and Management, IPOM 2003 - Kansas City, United States
Duration: Oct 1 2003Oct 3 2003

Publication series

NameProceedings of the 3rd IEEE Workshop on IP Operations and Management, IPOM 2003

Other

Other3rd IEEE Workshop on IP Operations and Management, IPOM 2003
CountryUnited States
CityKansas City
Period10/1/0310/3/03

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'Performance of IP address fragmentation strategies for DDoS traceback'. Together they form a unique fingerprint.

Cite this