Title: Extended deterministic edge router marking

Authors: Samant Saurabh; Sangita Roy; Ashok Singh Sairam

Addresses: Department of Computer Science and Engineering, Indian Institute of Technology Patna, Patna 800013, India ' Department of Computer Science and Engineering, Indian Institute of Technology Patna, Patna 800013, India ' Department of Computer Science and Engineering, Indian Institute of Technology Patna, Patna 800013, India

Abstract: In this paper, a novel deterministic edge router marking scheme to mitigate denial of service (DoS) attacks and perform traceback is proposed. The scheme is compatible to packet fragmentation and at the same time does not add space overhead. The proposed technique produces low false positive as well as adds very low processing and storage overhead at the edge router. An issue with existing filtering scheme for DoS attacks is that they suffer from heavy collateral damage. Our proposed scheme minimises collateral damage using signature pushback and allows legitimate traffic to be served smoothly. We optimise pushback by using Lamport hash chain and filtering time by sorting the attack feature based on its entropy. Empirical results confirm that our system is fast, accurate, scalable and greatly reduces blocking of legitimate traffic during the filtering phase.

Keywords: packet marking; denial of service; distributed DoS; DDoS attacks; hashing; attack signature; edge routers; IP fragmentation; hash chains; filtering; computer networks; distributed systems; traceback.

DOI: 10.1504/IJCNDS.2014.064042

International Journal of Communication Networks and Distributed Systems, 2014 Vol.13 No.2, pp.169 - 186

Accepted: 05 Nov 2013
Published online: 30 Aug 2014 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article