IP traceback through modified probabilistic packet marking algorithm

Bhavani, Y.; Janaki, V.; Sridevi, R.

doi:10.1109/tencon.2013.6718523

Cited by 6 publications

(4 citation statements)

References 11 publications

(6 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this technique each router in the attack path as shown in fig.2 marks the packet with the partial IP address information called the marking information. This marking information is placed into the IP packet with a fixed probability 5,12 .…”

Section: Probabilistic Packet Marking(ppm)mentioning

confidence: 99%

Survey on Packet Marking Algorithms for IP Traceback

2017

Self Cite

View full text Add to dashboard Cite

Distributed Denial of Service (DDoS) attack is an unavoidable attack. Among various attacks on the network, DDoS attacks are difficult to detect because of IP spoofing. The IP traceback is the only technique to identify DDoS attacks. The path affected by DDoS attack is identified by IP traceback approaches like Probabilistic Packet marking algorithm (PPM) and Deterministic Packet Marking algorithm (DPM). The PPM approach finds the complete attack path from victim to the source where as DPM finds only the source of the attacker. Using DPM algorithm finding the source of the attacker is difficult, if the router get compromised. Using PPM algorithm we construct the complete attack path, so the compromised router can be identified. In this paper, we review PPM and DPM techniques and compare the strengths and weaknesses of each proposal.

show abstract

Section: Probabilistic Packet Marking(ppm)mentioning

confidence: 99%

Survey on Packet Marking Algorithms for IP Traceback

2017

Self Cite

View full text Add to dashboard Cite

show abstract

“…The most significant traceback strategies related to the proposed system have been implemented using probabilistic packet marking (PPM) or deterministic packet marking (DPM) . In PPM, each router probabilistically marks packets with its IP address.…”

Section: Related Workmentioning

confidence: 99%

Traceback model for identifying sources of distributed attacks in real time

Ahmed

Sadiq

Zolkipli

2016

Security Comm Networks

View full text Add to dashboard Cite

Locating sources of distributed attack is time-consuming; attackers are identified long after the attack is completed. This paper proposes a trackback model for identifying attackers and locating their distributed sources in real time. Attackers are identified by monitoring violations of malicious end users on their bandwidth shares predefined in the service level agreement. Then, active connections of the malicious users are investigated to locate the host machines used as distributed sources of attack traffic. Mathematical model and simulation results demonstrate that the proposed model can reduce the required time for identifying malicious users and locating host machines used as the actual sources of attack packets. Copyright

show abstract

“…If rand is less than the threshold marking probability P m and if flag field is equal to 0, then the packet is marked. This is done by setting the TOS field with the fragment number, identification field with the fragment (any two successive parts of X value), TTL field with distance and finally flag to 1 indicating that it has been marked [8]. When the same packet is selected to mark by the subsequent router, as the flag is set to 1, only the distance field is decremented keeping the remaining fields unaltered.…”

Section: Modified Probabilistic Packet Marking Algorithm Using Crtmentioning

confidence: 99%

“…Let Restable be a table of tuples(fragno, fragment, distance) for each packet pkt from attacker Restable.Insert(pkt.fragno, pkt.fragment, pkt.distance) if pkt.distance > maxd then maxd: = pkt.distance Remove duplicates from the Restable /* delete from Restable where ID not in (select min(ID) from Restable group by fragno, fragment, distance) */ Let S d be empty for 0 6 d 6 maxd for d: = 0 to maxd /* Select pkt.fragno, pkt.fragment from Restable pkt, Restable pkt1 where pkt.substr(0,7) = pkt.substr (8,15) and pkt.distance = d ordered by pkt.fragno */ for all ordered combinations and successive fragments if(pkt.substring(8,15) = pkt1.substring(0,7) /* where pkt and pkt1 are two successive fragments */ if(pkt.fragno = 0) S d = pkt.fragment else S d = Concatenate(S d , pkt.substring(8,15)) for d = 0 to maxd firstpart = pkt.substring(0,7); lastpart = pkt.substring(32,40); if(firstpart = lastpart) X dec = S d .substring(0, 32) Convert X dec from decimal to binary and store in X /* Find IP 1 IP 2 IP 3 IP 4 using CRT */ IP 1 = X mod 251 IP 2 = X mod 253 IP 3 = X mod 255 IP 4 = X mod 256 Combined IP address = (IP 1 . IP 2 .…”

Section: Reconstruction Procedures At Victim Vmentioning

confidence: 99%

IP Traceback through modified Probabilistic Packet Marking algorithm using Chinese Remainder Theorem

Bhavani

Janaki

Sridevi

2015

Ain Shams Engineering Journal

Self Cite

View full text Add to dashboard Cite

Probabilistic Packet Marking algorithm suggests a methodology to identify all the participated routers of the attack path by probabilistically marking the packets. In this approach, these marked packets contain partial information regarding the routers of the attack path. At receiver, to get the complete information of every router, it requires more number of marked packets and hence more combinations and more false positives. To overcome this drawback we have presented a novel idea in finding the exact IP address of the routers in the attack path by applying Chinese Remainder Theorem. The result of our implementation reveals that our idea requires less number of marked packets and takes no time in constructing the attack path. The same idea is true even in the case of multiple attackers. Ó 2014 Faculty of Engineering, Ain Shams University. Production and hosting by Elsevier B.V. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/).

show abstract

IP traceback through modified probabilistic packet marking algorithm

Cited by 6 publications

References 11 publications

Survey on Packet Marking Algorithms for IP Traceback

Survey on Packet Marking Algorithms for IP Traceback

Traceback model for identifying sources of distributed attacks in real time

IP Traceback through modified Probabilistic Packet Marking algorithm using Chinese Remainder Theorem

Contact Info

Product

Resources

About