Computing Publications

Publications Home » Non-intrusive IP Traceback for DD...

Non-intrusive IP Traceback for DDoS Attacks

Vrizlynn Thing, Morris Sloman, Naranker Dulay

Conference or Workshop Paper
ACM symposium on Information, Computer and Communications Security, Singapore
March, 2007
pp.371–373
ACM
DOI 10.1145/1229285.1229331
Abstract

The paper describes a Non-Intrusive IP traceback scheme which uses sampled traffic under non-attack conditions to build and maintains caches of the valid source addresses transiting network routers. Under attack conditions, route anomalies are detected by determining which routers have been used for unknown source addresses, in order to construct the attack graph. Results of simulation studies are presented. Our approach does not require changes to the Internet routers or protocols. Precise information regarding the attack is not required allowing a wide variety of DDoS attack detection techniques to be used. Our algorithm is simple and efficient, allowing for a fast traceback and the scheme is scalable due to the distribution of processing workload

Notes

http://portal.acm.org/citation.cfm?id=1229331

BibTEX file for the publication
 

pubs.doc.ic.ac.uk: built & maintained by Ashok Argent-Katwala.