Deterministic packet marking (DPM) has recently been proposed as an alternative approach for IP traceback. It requires no extra bandwidth and is backward compatible with Internet equipment that does not implement it. Moreover, service providers can implement it without revealing their internal network topology. Unfortunately, the false positive rate could be very high if multiple hosts use the same source address to attack the victim simultaneously. Even worse, no source will be identified if attackers change their source addresses for every packet they send. These two problems can be solved with a modified DPM scheme which we called DPM with address digest (DPM-AD). We found that the false positive rate of the DPM-AD scheme could be much higher than was claimed when the number of ingress router interfaces is larger than the number of attackers. In this paper, we propose a novel DPM scheme that is much more scalable than the DPM-AD scheme, and we evaluate its false positive rate. Our analysis and simulation results show that the proposed DPM scheme can trace 1K simultaneous attackers at a false positive rate of less than 0.5% with acceptable reconstruction complexity. © 2005 IEEE.
Number of pages: 5
Journal: IEEE International Conference on Communications
State: Published - 15 Sep 2005
Event: 2005 IEEE International Conference on Communications, ICC 2005 - Seoul, Korea, Republic of
Duration: 16 May 2005 → 20 May 2005