Title: Extended deterministic edge router marking
Authors: Samant Saurabh; Sangita Roy; Ashok Singh Sairam
Addresses: Department of Computer Science and Engineering, Indian Institute of Technology Patna, Patna 800013, India ' Department of Computer Science and Engineering, Indian Institute of Technology Patna, Patna 800013, India ' Department of Computer Science and Engineering, Indian Institute of Technology Patna, Patna 800013, India
Abstract: In this paper, a novel deterministic edge router marking scheme to mitigate denial of service (DoS) attacks and perform traceback is proposed. The scheme is compatible with packet fragmentation and at the same time does not add space overhead. The proposed technique produces few false positives and adds very low processing and storage overhead at the edge router. An issue with existing filtering schemes for DoS attacks is that they suffer from heavy collateral damage. Our proposed scheme minimises collateral damage using signature pushback and allows legitimate traffic to be served smoothly. We optimise pushback by using a Lamport hash chain, and filtering time by sorting the attack feature based on its entropy. Empirical results confirm that our system is fast, accurate and scalable, and greatly reduces blocking of legitimate traffic during the filtering phase.
Keywords: packet marking; denial of service; distributed DoS; DDoS attacks; hashing; attack signature; edge routers; IP fragmentation; hash chains; filtering; computer networks; distributed systems; traceback.
DOI: 10.1504/IJCNDS.2014.064042
International Journal of Communication Networks and Distributed Systems, 2014 Vol.13 No.2, pp.169 - 186
Accepted: 05 Nov 2013
Published online: 30 Aug 2014