
ANALYSIS OF ADJUSTED AND ADVANCED PACKET MARKING SCHEMES FOR TRACEBACK OF DENIAL OF SERVICE ATTACKS

by RIZVI, BILAL

Abstract (Summary)
Denial of Service (DoS) attacks have become a major problem on the Internet. Trying to mitigate the effects of DoS attacks is not an effective solution to the problem. The solution lies in identifying, or tracing back, the source of the DoS attack and imposing legal or economic costs on the offending entity. Probabilistic Packet Marking (PPM) is one of the methods of implementing traceback of DoS attacks. In this thesis, the author analyzes the effectiveness of two different packet marking schemes that are based on PPM. In PPM, all routers mark IP packets with a fixed probability. However, a fixed marking probability allows a large number of packets to reach the victim unmarked, and these packets can be spoofed to impede traceback. Hence, we present a study of the effectiveness of the Adjusted Probabilistic Packet Marking (APPM) scheme, in which a variable marking probability is used so that the victim receives an equal number of packets from all routers. Based on our study, we show that APPM is also subject to spoofing of the marking field for small path lengths. A modified version of APPM is proposed in this thesis that reduces the number of unmarked packets reaching the victim and the computational time needed for traceback. Advanced and Authenticated Packet Marking (AAPM) is another proposed marking scheme for traceback of DoS attacks. AAPM uses hash functions to reduce the storage space required to encode the router IP address into the marking field of IP packets. Here, a study is presented from the perspective of the attacker, and the effects of inserting fake edges against AAPM are analyzed. Using the simulation software tool Arena 5.0, it is shown that in the case of fixed marking probabilities, no matter from what distance a DoS attack is carried out, the attacker can always insert 24 different fake edges. In the case of variable marking probabilities, it is also shown that the number of different fake edges that can be inserted by the attacker depends on the number of routers present between the attacker and the victim.

Bibliographical Information:

Advisor:

School: University of Cincinnati

School Location: USA - Ohio

Source Type: Master's Thesis

Keywords:

ISBN:

Date of Publication: 01/01/2004
