Aparna Rani Dept. of Computer Network Engineering Poojya Doddappa Appa College of Engineering Kalaburagi, Karnataka, India

Similar documents
AN UNIQUE SCHEME FOR DETECTING IP SPOOFERS USING PASSIVE IP TRACEBACK

Enhancing the Reliability and Accuracy of Passive IP Traceback using Completion Condition

Spoofer Location Detection Using Passive Ip Trace back

Survey of Several IP Traceback Mechanisms and Path Reconstruction

Internet level Traceback System for Identifying the Locations of IP Spoofers from Path Backscatter

A hybrid IP Trace Back Scheme Using Integrate Packet logging with hash Table under Fixed Storage

IP TRACEBACK (PIT): A NOVEL PARADIGM TO CATCH THE IP SPOOFERS

A New Mechanism For Approach of IP Spoofers: Passive IP Traceback Using Backscatter Messages

A Survey on Different IP Traceback Techniques for finding The Location of Spoofers Amruta Kokate, Prof.Pramod Patil

INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY

Comparative Study of IP Trace back Techniques

Prof. N. P. Karlekar Project Guide Dept. computer Sinhgad Institute of Technology

Single Packet IP Traceback in AS-level Partial Deployment Scenario

Multivariate Correlation Analysis based detection of DOS with Tracebacking

A Stateless Traceback Technique for Identifying the Origin of Attacks from a Single Packet

Identifying Spoofed Packets Origin using Hop Count Filtering and Defence Mechanisms against Spoofing Attacks

DoS Attacks. Network Traceback. The Ultimate Goal. The Ultimate Goal. Overview of Traceback Ideas. Easy to launch. Hard to trace.

An Authentication Based Source Address Spoofing Prevention Method Deployed in IPv6 Edge Network

A New Path for Reconstruction Based on Packet Logging & Marking Scheme

IP Traceback Based on Chinese Remainder Theorem

Discriminating DDoS Attacks from Flash Crowds in IPv6 networks using Entropy Variations and Sibson distance metric

Scalable Hash-based IP Traceback using Rate-limited Probabilistic Packet Marking

SIMULATION OF THE COMBINED METHOD

A NEW IP TRACEBACK SCHEME TO AVOID LAUNCH ATTACKS

A Novel Approach to Denial-of-Service Attack Detection with Tracebacking

Experience with SPM in IPv6

R (2) Implementation of following spoofing assignments using C++ multi-core Programming a) IP Spoofing b) Web spoofing.

STF-DM: A Sparsely Tagged Fragmentation with Dynamic Marking an IP Traceback Approach. Online Publication

Detection of Spoofing Attacks Using Intrusive Filters For DDoS

IP TRACEBACK Scenarios. By Tenali. Naga Mani & Jyosyula. Bala Savitha CSE Gudlavalleru Engineering College. GJCST-E Classification : C.2.

A Probabilistic Packet Marking scheme with LT Code for IP Traceback

MITIGATION OF DENIAL OF SERVICE ATTACK USING ICMP BASED IP TRACKBACK. J. Gautam, M. Kasi Nivetha, S. Anitha Sri and P. Madasamy

RETRIEVAL OF DATA IN DDoS ATTACKS BY TRACKING ATTACKERS USING NODE OPTIMIZATION TECHNIQUE

Geographical Division Traceback for Distributed Denial of Service

An IP Traceback using Packet Logging & Marking Schemes for Path Reconstruction

TO DETECT AND RECOVER THE AUTHORIZED CLI- ENT BY USING ADAPTIVE ALGORITHM

TRACEBACK OF DOS OVER AUTONOMOUS SYSTEMS

DDOS Attack Prevention Technique in Cloud

Various Anti IP Spoofing Techniques

A Flow-Based Traceback Scheme on an AS-Level Overlay Network

Distributed Denial-of-Service Attack Prevention using Route-Based Distributed Packet Filtering. Heejo Lee

(Submit to Bright Internet Global Summit - BIGS)

Denial of Service, Traceback and Anonymity

MITIGATING DENIAL OF SERVICE ATTACKS IN OLSR PROTOCOL USING FICTITIOUS NODES

MIB-ITrace-CP: An Improvement of ICMP-Based Traceback Efficiency in Network Forensic Analysis

An Efficient and Practical Defense Method Against DDoS Attack at the Source-End

Design and Simulation Implementation of an Improved PPM Approach

Provider-based deterministic packet marking against distributed DoS attacks

A Precise and Practical IP Traceback Technique Based on Packet Marking and Logging *

A Novel Packet Marking Scheme for IP Traceback

Passive IP Traceback: Disclosing the Locations of IP Spoofers from Path Backscatter

Analyze and Determine the IP Spoofing Attacks Using Stackpath Identification Marking and Filtering Mechanism

Your projected and optimistically projected grades should be in the grade center soon o Projected: Your current weighted score /30 * 100

ABSTRACT. A network is an architecture with a lot of scope for attacks. The rise in attacks has been

NISCC Technical Note 06/02: Response to Distributed Denial of Service (DDoS) Attacks

Distributed Denial of Service (DDoS)

IP Traceback Using DNS Logs against Bots

Multi Directional Geographical Traceback with n Directions Generalization

Analysis. Group 5 Mohammad Ahmad Ryadh Almuaili

Single Packet ICMP Traceback Technique using Router Interface

Computer Security: Principles and Practice

An Efficient Probabilistic Packet Marking Scheme for IP Traceback

Malicious Node Detection in MANET

International Journal of Advance Engineering and Research Development. A Feasible IP Traceback Framework throughdynamic Deterministic Packet Marking

INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING & TECHNOLOGY (IJCET)

Flow Control Packet Marking Scheme: to identify the sources of Distributed Denial of Service Attacks

On Design and Evaluation of Intention-Driven ICMP Traceback

CLASSIFICATION OF LINK BASED IDENTIFICATION RESISTANT TO DRDOS ATTACKS

A Thesis. Presented to. The Graduate Faculty of The University of Akron. In Partial Fulfillment. Master of Science. Shanmuga Sundaram Devasundaram

NOWADAYS, more and more critical infrastructures are

The Systematic Survey for IP Traceback Methods

DDoS and Traceback 1

IP Spoof Prevented Technique to Prevent IP Spoofed Attack

TOPO: A Topology-aware Single Packet Attack Traceback Scheme

IP traceback through (authenticated) deterministic flow marking: an empirical evaluation

Error-Free correlation in Encrypted Attack Traffic by Watermarking flow through Stepping Stones

On IPv6 Traceback. obaidgnetworking.khu.ac.kr,cshonggkhu.ac.kr. highlights the related works; Section 3 will give an overview

ABSTRACT. in defeating Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks.

International Journal of Scientific & Engineering Research, Volume 7, Issue 12, December ISSN

Xiang, Yang and Zhou, Wanlei 2005, Mark-aided distributed filtering by using neural network for DDoS defense, in GLOBECOM '05 : IEEE Global

INTERNATIONAL JOURNAL OF INNOVATIVE TECHNOLOGIES, VOL. 02, ISSUE 01, JAN 2014 ISSN

@IJMTER-2016, All rights Reserved ,2 Department of Computer Science, G.H. Raisoni College of Engineering Nagpur, India

Impact of bandwidth-delay product and non-responsive flows on the performance of queue management schemes

Chapter 7. Denial of Service Attacks

Flooding Attacks by Exploiting Persistent Forwarding Loops

Optimal Control of DDoS defense with Multi- Resource Max-min Fairness

IP Traceback Approaches for Detecting Origin of DDoS Cyber Attackers

High Performance Interconnect and NoC Router Design

EFFECTIVE INTRUSION DETECTION AND REDUCING SECURITY RISKS IN VIRTUAL NETWORKS (EDSV)

INTERNATIONAL JOURNAL OF INNOVATIVE TECHNOLOGIES, VOL. 02, ISSUE 01, JAN 2014

IP Spoofing Traceback Recent Challenges and Techniques

Challenges in Mobile Ad Hoc Network

A Dynamic Method to Detect IP Spoofing on Data Network Using Ant Algorithm

GLOBAL INTERNET ROUTING FORENSICS Validation of BGP Paths using ICMP Traceback

An Investigation about the Simulation of IP Traceback and Various IP Traceback Strategies

Keywords MANET, DDoS, Floodingattack, Pdr.

A DISTRIBUTED APPROACH FOR DETECTING WORMHOLE ATTACK IN WIRELESS NETWORK CODING SYSTEM

DENIAL OF SERVICE ATTACKS

A New Logging-based IP Traceback Approach using Data Mining Techniques

Performance Analysis of Mobile Ad Hoc Network in the Presence of Wormhole Attack

Transcription:

Capturing the Origins of IP Spoofers Using Passive IP Traceback Aparna Rani Dept. of Computer Network Engineering Poojya Doddappa Appa College of Engineering Kalaburagi, Karnataka, India aparna.goura@gmail.com Abstract: Attackers may use forged source IP address to conceal their real locations. To capture the spoofers, a number of IP traceback mechanisms have been proposed. A method called passive IP traceback (PIT) was proposed that bypasses the deployment difficulties of IP traceback techniques. PIT investigates Internet Control Message Protocol error messages (named path backscatter) triggered by spoofing traffic and tracks the spoofers based on public available information (e.g., topology). This also demonstrates the processes and effectiveness of PIT and shows the captured locations of spoofers through applying PIT on the path backscatter data set. Index Terms Denial of Service ( DoS), IP traceback, marking. I. INTRODUCTION Criminals have long employed the tactic of masking their true identity, from disguises to aliases to caller-id blocking. It should come as no surprise then, that criminals who conduct their nefarious activities on networks and computers should employ such techniques. IP spoofing is one of the most common forms of on-line camouflage. IP spoofing as a method of attacking a network in order to gain unauthorized access [1]. The attack is based on the fact that Internet communication between distant computers is routinely handled by routers which find the best route by examining the destination address, but generally ignore the origination address. The origination address is only used by the destination machine when it responds back to the source. In a spoofing attack, the intruder sends messages to a computer indicating that the message has come from a trusted system. To be successful, the intruder must first determine the IP address of a trusted system and then modify the packet headers to that it appears that the packets are coming from the trusted system. In essence, the attacker is fooling (spoofing) the distant computer into believing that they are a legitimate member of the network The goal of the attack is to establish a connection that will allow the attacker to gain root access to the host, allowing the creation of a backdoor entry path into the target system. IP spoofing is the creation of IP packets using somebody else s IP source addresses. This technique is used for obvious reasons and is employed in several of the attacks. Dr. Rekha Patil Associate Professor Dept. of Computer Network Engineering Poojya Doddappa Appa College of Engineering Kalaburagi, Karnataka, India rekha.patilcse@gmail.com Examining the IP header, we can see that the first 12 bytes contain various information about the packet. The next 8 bytes contains the source and destination IP addresses. Using one of several tools, an attacker can easily modify these addresses specifically the source address field. A common misconception is that IP spoofing can be used to hide our IP address while surfing the Internet, chatting online, sending e- mail and so on. This is generally not true. Forging the source IP address causes the responses to be misdirected, meaning you cannot create a normal network connection [2]. Figure 1: Valid source IP address. In figure 1, valid source IP address, illustrates a typical interaction between a workstation with a valid source IP address requesting web pages and the web server executing the requests. When the workstation requests a page from the web server the request contains both the workstation s IP address (i.e. source IP address 192.168.0.5) and the address of the web server executing the request (i.e. destination IP address 10.0.0.23). The web server returns the web page using the source IP address specified in the request as the destination IP address (192.168.0.59) and its own IP address as the source IP address (10.0.0.23). 5

FIGURE 2: SPOOFED SOURCE IP ADDRESS. In figure 2, spoofed source IP address illustrates the interaction between a workstation requesting web pages using a spoofed source IP address and the web server executing the requests. If a spoofed source IP address (i.e. 172.16.0.6) is used by the workstation, the web server executing the web page request will attempt to execute the request by sending information to the IP address of what it believes to be the originating system (i.e. the workstation at 172.16.0.6). The system at the spoofed IP address will receive unsolicited connection attempts from the web server that it will simply discard. II. RELATED WORK The two basic detecting mechanism of IP spoofing based attack is packet filtering and packet traceback at the node level. Many techniques have been proposed by various researchers based on the above mentioned two mechanisms. The partial path of the packet is inspected in order to find the true origin of the attack packet. This task of finding the true source of the malicious packet is called traceback mechanism. The first step towards the necessary legal action to discourage such attack in future is to identify the source address correctly. Savage et al. proposed to let routers mark packets probabilistically, so that the victim can collect the marked packets and reconstruct the attack path. One enhanced scheme of probabilistic packet marking has been proposed by Song et al. to reduce the false positive rate for reconstructing the attack path. Another enhanced scheme of probabilistic packet marking has been proposed to reduce the computational overhead. As a proactive solution to such attacks, several filtering schemes, which must execute on IP routers, have been proposed to prevent spoofed IP packets from reaching intended victims. The ingress filter blocks spoofed packets at edge routers, where address ownership is relatively unambiguous and traffic load is low. However, the success of ingress filtering hinges on its wide deployment in IP routers. Existing IP traceback approaches can be classified into five main categories: packet marking, ICMP traceback, logging on the router, link testing, overlay and hybrid tracing. 6 marking methods require routers modify the header of the packet to contain the information of the router and forwarding decision. Hence the receiver of the packet can then reconstruct the path of a packet (or an attacking flow) from the received packets. There are two classes of packet marking schemes: probabilistic packet marking [3], [6] [11] and deterministic packet marking [12] [15]. marking methods are generally considered to be lightweight because they do not cost storage resource on routers and the link bandwidth resource. However, packet marking is not a widely supported function on routers; thus, it is difficult to enable packet marking traceback in the network. Different from packet marking methods, ICMP traceback [4], [16], [17] generates addition ICMP messages to a collector or the destination. The ICMP messages can be used to reconstruct the attacking path. For example, if itrace [4] is enabled, routers generate ICMP samples to destinations with a certain probability. The shortcoming of ICMP traceback is considerable additional traffic will be generated to consume the already stressed bandwidth resource. Moreover, when the attack is against the bandwidth of the victim, the increased traffic will make the attack more serious. ICMP generation can be performed by the processor, but significant overhead will be introduced to the processor. Attacking path can be reconstructed from log on the router when router makes a record on the packets forwarded [5]. Bloom filter is used to reduce the number of bits to store a packet. Nevertheless, to achieve a low enough collision probability in current highspeed networks, the storage cost is still too large for commodity routers. Link testing is an approach which determines the upstream of attacking traffic hop-by-hop while the attack is in progress. A controlled flooding mechanism based on performing UDP request flooding iteratively on the victim rooted tree to see the effects on attacking traffic is proposed in [18]. Because of the huge scale of the Internet, this approach is hard to perform at the Internet level. CenterTrack [19] proposes offloading the suspect traffic from edge routers to special tracking routers through a overlay network. Though such a mechanism can reduce the requirement on edge routers, the management of the tunnels and the overlay network will be significantly increase the network management overhead [20]. Proposes building an AS-level overlay to trace spoofers. It is found if hundreds of ASes can join the overlay network, the spoofers can be accurately located. However, the challenge in practice is how to make the ASes cooperate. The intradomain version of this work [21] can avoid this problem, but it is necessary to update routers to adopt modification on OSPF. Though there has been a large number of promising traceback mechanisms, there is still a long way to get the proposed mechanisms widely deployed, especially at the Internet level. Currently, there is still lack of a ready mechanism to track the spoofers.

III. PROPOSED SYSTEM IV. MODULES USED We propose a solution, named Passive IP Traceback (PIT), to overcome the challenges in deployment. Routers may fail to forward an IP spoofing packet due to various reasons, e.g., TTL exceeding. In such cases, the routers may generate an ICMP error message (named path backscatter) and send the message to the spoofed source address. Because the routers can be close to the spoofers, the path backscatter messages may potentially disclose the locations of the spoofers. PIT exploits these path backscatter messages to find the location of the spoofers. With the locations of the spoofers known, the victim can seek help from the corresponding ISP to filter out the attacking packets, or take other counterattacks. PIT is especially useful for the victims in reflection based spoofing attacks, e.g., DNS amplification attacks. The victims can find the locations of the spoofers directly from the attacking traffic. Our work has following advantages: 1. It deeply investigates path backscatter messages. These messages are valuable to help understand spoofing activities. 2. PIT overcomes the deployment difficulties of existing IP traceback mechanisms. 3. PIT cannot work in all the attacks, but it does work in a number of spoofing activities. 4. A number of locations of spoofers are captured using PIT. Figure 3 explains that not all the packets reach their destinations. A network device may fail to forward a packet due to various reasons. Under certain conditions, it may generate an ICMP error message, i.e., path backscatter messages. The path backscatter messages will be sent to the source IP address indicated in the original packet. If the source address is forged, the messages will be sent to the node who actually owns the address. This means the victims of reflection based attacks and the hosts whose addresses are used by spoofers, are possibly to collect such messages. The modules used in our paper are: 1. Topology construction: The topology is the arrangement of nodes in the simulation area. The routers are connected in mesh topology. In which each routers are connected to each other via other routers (Path). Each host is connected via routers. Each host has multiple paths to reach a single destination node in the network. The nodes are connected by duplex link connection. 2. Collection of path backscatter messages: Though path backscatter can happen in any spoofing based attacks, it is not always possible to collect the path backscatter messages, as they are sent to the spoofed addresses. Path backscatter messages can be effectively collected in random spoofing attacks, reflection attacks and their combinations, which cover the majority of IP spoofing attacks. 3. Passive IP Traceback mechanism: We make use of path information to help track the location of the spoofer. 4. Performance evaluation: The performance is evaluated by using the network parameters like No. of bytes received, end to end delay and throughput. V. CAPTURING MECHANISM In this paper we describe the IP spoofing capturing mechanism which will first identify if the packet is malicious or not and if found malicious it will then try to identify the true source of the IP packet from where the packet has originated. Figure 4 explains the algorithm to capture IP spoofers. A network is constructed using nodes, routers and links. Nodes are connected via routers in mesh topology. In a network every source node has multiple paths to reach a destination node. Hence path selection is important step. Once path is selected packets are been sent to destination node. While sending packets, packet marking and logging takes place. If an attack and a spoofed node is found path reconstruction happens else packet is successfully reached at the destination node. Figure 3: Architecture of Proposed Work 7

Start International Journal of Advanced Research Foundation node is one of the important parameter to evaluate the quality of the network. Hence by looking at the below graph we can conclude that by applying PIT, more number of bytes are received by the destination node. Network Construction Path Selection Sending Marking and Logging Figure 5: Graph of data (bytes) versus time. Path Reconstruction Found Attack? Figure 4: Algorithm to capture IP spoofers. VI. Receive SIMULATION RESULTS The operating system used in our project is LINUX and the tool used is Network Simulator-2. NS2 is built using object oriented methods in C++ and O TCL. The language used at front end is O TCL (Object Oriented Tool Command Language). In our simulation, we are using 11 nodes as the router node and 20 nodes as the client-server node. Totally we are having 31 nodes in our network. The routers are connected in mesh topology. Each host is connected via routers. Each host has multiple paths to reach a single destination node in the network. The nodes are connected by duplex link connection. The bandwidth for each link is 100 mbps and delay time for each link is 10 ms. each edges uses Drop Tail Queue as the interface between the nodes. We can detect the locations of the IP spoofers using PIT. The results are drawn by taking into consideration PIT and IP traceback mechanisms. Graphs are shown below for both PIT and IP traceback mechanisms. Figure 5, describes about number of bytes received. A graph of data in bytes versus time period is plotted by considering time on x axis and data on y axis. The total number of bytes delivered to the destination successfully. Number of bytes received by the destination Figure 6: Graph of delay versus time. Figure 6, describes about end to end delay. A graph of delay versus time period is plotted, by considering time on x axis and delay on y axis. The time taken by the source node to deliver the data successfully to the destination is called as End to End delay. The following formula is used to calculate the End to End delay. End to End delay = A T - S T / n Where, A T Arrival time, n Number of connections and S T Sent time. Hence by looking at the above graph we can conclude that by applying PIT, we can achieve minimum end to end delay. Figure 7: Graph of packets delivered versus time. 8

Figure 7, describes about throughput which is also a major evaluation parameter to improve the quality of a network. A graph of packets delivered versus time period is plotted, by considering time on x axis and packets delivered on y axis. Throughput is the amount of packets delivered to the destination per unit of time. The Throughput is calculated by using the formula. Throughput= Number of packets delivered / Time Hence by looking at the above graph we can conclude that by applying PIT, we can achieve maximum throughput than by applying IP traceback mechanism. VII. CONCLUSION In this paper we proposed Passive IP Traceback (PIT) which tracks and captures spoofers based on path backscatter messages and public available information. We know how to apply PIT when the topology and routing information are known. We presented algorithm to capture the locations of IP spoofers using PIT. We demonstrated the effectiveness of PIT based on simulation. We compared the results of a network by applying PIT and by without applying PIT. Hence it is understood that the performance of a network is best by applying PIT. REFERENCES [13] Y. Xiang, W. Zhou, and M. Guo, Flexible deterministic packet marking: An IP traceback system to find the real source of attacks, IEEE Trans. Parallel Distrib. Syst., vol. 20, no. 4, pp. 567 580, Apr. 2009. [14] R. P. Laufer et al., Towards stateless single-packet IP traceback, in Proc. 32nd IEEE Conf. Local Comput. Netw. (LCN), Oct. 2007, pp. 548 555. [Online]. Available: http://dx.doi.org/10.1109/lcn.2007.160. [15] M. D. D. Moreira, R. P. Laufer, N. C. Fernandes, and O. C. M. B. Duarte, A stateless traceback technique for identifying the origin of attacks from a single packet, in Proc. IEEE Int. Conf.Commun. (ICC), Jun. 2011, pp. 1 6. [16] A. Mankin, D. Massey, C.-L. Wu, S. F. Wu, and L. Zhang, On design and evaluation of intention-driven ICMP traceback, in Proc. 10th Int. Conf. Comput. Commun. Netw., Oct. 2001, pp. 159 165. [17] H. C. J. Lee, V. L. L. Thing, Y. Xu, and M. Ma, ICMP traceback with cumulative path, an efficient solution for IP traceback, in Information and Communications Security. Berlin, Germany: Springer-Verlag, 2003, pp. 124 135. [18] H. Burch and B. Cheswick, Tracing anonymous packets to their approximate source, in Proc. LISA, 2000, pp. 319 327. [19] R. Stone, CenterTrack: An IP overlay network for tracking DoS floods, in Proc. 9th USENIX Secur. Symp., vol. 9. 2000, pp. 199 212. [20] A. Castelucio, A. Ziviani, and R. M. Salles, An AS-level overlay network for IP traceback, IEEE Netw., vol. 23, no. 1, pp. 36 41, Jan. 2009. [Online]. [21] A. Castelucio, A. T. A. Gomes, A. Ziviani, and R. M. Salles, Intradomain IP traceback using OSPF, Comput. Commun., vol. 35, no. 5, pp. 554 564, 2012.[Online]. [1] Hikmat Farhat, Zouk Mosbeh, A Scalable Method to Protect From IP Spoofing, 978-1-4244-2624-9/08/$25.00 2008 IEEE. [2] Bellovin, S. M. (1989, April). Security Problems in the TCP/IP Protocol. Computer Communication Review,Vol 19, No. 2, 32-48. [3] S. Savage, D. Wetherall, A. Karlin, and T. Anderson, Practical network support for IP traceback, in Proc. Conf. Appl., Technol., Archit., Protocols Comput. Commun. (SIGCOMM), 2000, pp. 295 306. [4] S. Bellovin. ICMP Traceback Messages. [Online]. Available: http://tools.ietf.org/html/draft-ietf-itrace-04, accessed Feb. 2003. [5] A. C. Snoeren et al., Hash-based IP traceback, SIGCOMM Comput. Commun. Rev., vol. 31, no. 4, pp. 3 14, Aug. 2001 [6] M. T. Goodrich, Efficient packet marking for large-scale IP traceback, in Proc. 9th ACM Conf. Comput. Commun. Secur. (CCS), 2002, pp. 117 126. [7] D. X. Song and A. Perrig, Advanced and authenticated marking schemes for IP traceback, in Proc. IEEE 20th Annu. Joint Conf. IEEE Comput. Commun. Soc. (INFOCOM), vol. 2. Apr. 2001, pp. 878 886. [8] A. Yaar, A. Perrig, and D. Song, FIT: Fast internet traceback, in Proc. IEEE 24th Annu. Joint Conf. IEEE Comput. Commun. Soc. (INFOCOM), vol. 2. Mar. 2005, pp. 1395 1406. [9] J. Liu, Z.-J. Lee, and Y.-C. Chung, Dynamic probabilistic packet marking for efficient IP traceback, Comput. Netw., vol. 51, no. 3, pp. 866 882, 2007. [10] K. Park and H. Lee, On the effectiveness of probabilistic packet marking for IP traceback under denial of service attack, in Proc. IEEE 20th Annu. Joint Conf. IEEE Comput. Commun. Soc. (INFOCOM), vol. 1. Apr. 2001, pp. 338 347. [11] M. Adler, Trade-offs in probabilistic packet marking for IP traceback, J. ACM, vol. 52, no. 2, pp. 217 244, Mar. 2005. [12] Belenky and N. Ansari, IP traceback with deterministic packet marking, IEEE Commun. Lett., vol. 7, no. 4, pp. 162 164, Apr. 2003. 9

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback