Title
ICMP based IP traceback with negligible overhead for highly distributed reflector attack using bloom filters
Abstract
Most of the schemes that mitigate DRDoS attacks only provide a mechanism for filtering the attack traffic. They do not provide any tool for tracing back to the attacker. The few schemes that perform IP traceback require the involvement of the reflectors, which is quite difficult to obtain. They require reflectors to store huge amounts of traffic logs and cooperate during the attack. Reverse iTrace is one of the only methods that help in identifying the attack source without any involvement of reflectors. However, it generates a huge amount of overhead traffic and does not scale well in the case of a large number of reflectors. These problems have discouraged its deployment in the Internet. In this paper, we propose a system of two bloom filters known as Additive and Multiplicative Bloom Filters, which, when incorporated with Reverse iTrace, reduces the number of iTrace generated approximately by 100 times. It also prevents iTrace from becoming another DoS attack during the reflector attack. Our system has an Attacker Identification Probability of around 95%. Moreover, it is highly scalable. Extensive mathematical analysis and experimental results obtained from traffic traces prove the effectiveness and accuracy of our work.
Year: 2014
DOI: 10.1016/j.comcom.2014.01.003
Venue: Computer Communications
Keywords: reflector attack, attack source, bloom filter, reverse itrace, dos attack, ip traceback, drdos attack, traffic trace, overhead traffic, huge amount, negligible overhead, traffic log, attack traffic, denial of service attack
Field: Bloom filter, Denial-of-service attack, Computer science, Computer network, Filter (signal processing), Real-time computing, IP traceback, Internet Control Message Protocol, Tracing, The Internet, Scalability
DocType: Journal
Volume: 42
ISSN: 0140-3664
Citations: 10
PageRank: 0.52
References: 23
Authors: 2
Authors (Name, Order, Citations, PageRank)
Samant Saurabh, 1, 27, 4.16
A. S. Sairam, 2, 10, 0.52