## An Efficient Probabilistic Packet Marking Scheme for IP Traceback

Therefore, we can get bit space to mark the information. The full procedure is described in Fig. In the algorithm, S[][] is a Maekawa set. Variable q is the marking probability. Variable c is the total number of markings; its value is the number of rows of S[][]. K is the number of fragments marked each time; its value is the number of columns of S[][]. Variable fb is the number of bits in each fragment.

The marking sequence number, generated in order from j (whose initial value is 0), is stored in the cfragno field in the IP header.

Three fragments for marking are filled into the cfrag field in the IP header. The distance from the marking edge to the victim is written into the distance field in the IP header. The function subs(str, w, t) returns the t-bit substring of string str beginning at the w-th bit.

Attack path reconstruction based on Maekawa set: Attack path reconstruction has two major parts: one is the reordering of fragments and the other is path reconstruction. Once the packets carrying all the attack edge information have been received, they are arranged by distance and cfragno at the victim.

According to the Maekawa set, there is a dependency among the fragments marked each time, so the fragments must be obtained under certain conditions and in a certain order. Here, we set up a two-dimensional table order[][] describing the order in which all the fragments are obtained. In this table, the row represents the number of fragments and the first column represents the condition used to deduce frag[i].

The second column represents the fragment ID and the third column represents the position. Once all the fragments have been obtained, the edge is generated. The reordered edge is checked against the constraints of the Maekawa set and collision edges are removed. In the 3rd column, the x of x. Edge 1 is the starting node and edge 2 is the ending node. The starting node and the ending node are classified by flow direction.


The fragment reordering algorithm is shown in Fig. The path reconstruction algorithm is shown in Fig. Then the probability that a packet is marked by one router but not marked by any of the others is $q(1-q)^{d}$. Since the marking event in each router is independent, the probability that a given packet passes through d routers and is marked is $dq(1-q)^{d}$. It can be omitted while describing the expectation. Therefore, the number of packets X required for reconstructing a path with length d at the victim end has the following expectation:

However, we adopt the Maekawa optimal set to mark the edge; in fact, each edge is marked only 7 times and only 7d fragments are required for reordering. The expected number of packets required to reconstruct a path of length d is as follows: In the FMS scheme, the edge is divided into 8 fragments and only one fragment is marked each time. From Eq. But in AMS there are no fragments; the expected number of packets X required to reconstruct a path of length d at the victim end is:


However, we can adopt the strategy of no rewriting and optimal probability to reduce the number of packets required for reconstruction.

Computation overhead for reconstruction: Computation overhead includes the overhead of fragment reordering and of attack path reconstruction. The present scheme uses fragments, so the fragments must be reordered into an edge. There is no hash or XOR in our scheme; therefore, the overhead for reconstruction comes mainly from fragment reordering.

FMS adopted XOR to reduce the storage space, but the overhead of recovering the raw data from the XOR for an edge is much lower than that of reordering, so the overhead comes mainly from the reordering of fragments. There are no fragments in AMS, so its overhead comes mainly from attack path reconstruction. Because the Maekawa set is used while marking, we need not consider the recombination of all the fragments with the same distance. We only need to consider two reorderings of fragments , 45, 67 and two checks, and then the unique edge is reconstructed. All the packets are indexed on the distance and cfragno fields in the IP header, and items with the same distance, cfragno and cfrag are removed; this further reduces the number of fragments to be reordered.


But in FMS, the victim cannot distinguish which fragments are from which router. Therefore, the total number of reordering to be checked for all the distance is. It needs network topology to reconstruct the attack path. So, the overhead for reconstruction is:

False positives for reconstruction: FMS adopts a fragmentation strategy to compress the marking information.

Although each router has a unique IP address and the edge formed from neighboring router IP addresses is also unique, the edge fragments may be identical; as a result, the reordered edge is not unique. Some non-existent attack paths would be reconstructed. For instance, the edge constituted from The reconstructed attack path is shown as Fig.

In the present scheme, however, the marking strategy is based on the Maekawa set. The goal of the Maekawa set is to use optimal messages so that resources are accessed mutually exclusively in a distributed system. It is based on the fact that, if node i locks all members of $S_i$, no other node can capture all its members. Therefore, when it invokes mutual exclusion, node i tries to lock all members of $S_i$.

Circular locking among mutual exclusion requests is achieved. For a 7-node Maekawa set, the circular locking is depicted as Fig. Every node is linked to every other node in Fig. Changing any link will make that link conflict with the other links, and hence any incorrect combination is removed. Thus, when the Maekawa set is applied to our scheme, it guarantees that the reordered edge is unique, so the false positives from reordering are 0 theoretically.
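The following sketch is an added example, not the paper's algorithm or its order[][] table: it builds a 7-set Maekawa system, marks a 64-bit edge with three fragments per marking, and rebuilds it at the victim, rejecting a marking from a different edge when it disagrees on a shared fragment. The difference-set construction of S, the 10-bit fragment size with zero padding, the sample addresses and the function names are all assumptions.

```python
import ipaddress
from itertools import combinations

N, K, FB = 7, 3, 10   # 7 fragments, 3 per marking, 10 bits each (FB is assumed)
# Row j of S lists the fragments carried by marking j. Built from the
# difference set {0, 1, 3} mod 7 (assumed; the page does not list S[][]).
S = [sorted((j + b) % N for b in (0, 1, 3)) for j in range(N)]

def is_maekawa(sets, n, k):
    """k members per set, every two sets overlap, every node is in k sets."""
    return (all(len(set(s)) == k for s in sets)
            and all(set(a) & set(b) for a, b in combinations(sets, 2))
            and all(sum(i in s for s in sets) == k for i in range(n)))

def edge_bits(start, end):
    """64-bit string for the edge (start router IP, end router IP)."""
    return "".join(format(int(ipaddress.ip_address(a)), "032b")
                   for a in (start, end))

def mark(bits, j):
    """Marking j of an edge: (cfragno, cfrag) with the K fragments of row j."""
    padded = bits.ljust(N * FB, "0")          # zero-pad 64 -> 70 bits
    frags = [padded[i * FB:(i + 1) * FB] for i in range(N)]
    return j, tuple(frags[i] for i in S[j])

def reassemble(markings):
    """Rebuild one edge from markings seen at one distance.
    Returns None if a fragment is missing or two markings disagree on a
    fragment they share (the overlap check that rejects mixed edges)."""
    frags = {}
    for j, cfrag in markings:
        for idx, value in zip(S[j], cfrag):
            if frags.setdefault(idx, value) != value:
                return None
    if len(frags) != N:
        return None
    return "".join(frags[i] for i in range(N))[:64]

# Constructed sample edges (documentation address ranges).
EDGE_A = edge_bits("192.0.2.1", "192.0.2.2")
EDGE_B = edge_bits("198.51.100.1", "198.51.100.2")

if __name__ == "__main__":
    clean = [mark(EDGE_A, j) for j in range(N)]
    mixed = [mark(EDGE_B, 0)] + clean[1:]     # one marking from another router
    print(is_maekawa(S, N, K), reassemble(clean) == EDGE_A, reassemble(mixed))
```

Because every two rows of S share a fragment, each marking is cross-checked against all the others without the victim trying every combination of fragments at the same distance.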

Furthermore, we adopt redundant marking to check the reordered edge. Only when the reordered edge matches the corresponding information in the redundant marking is it considered an attack edge. Compression based on hash and authentication based on MAC are not adopted, so there is no false positive from hash collision. When there are many routers at the same distance from the victim, an 8-bit hash function is not enough to avoid collisions and the false positives will also be high.

No need for router topology support: In FMS, the edge is divided into fragments.

When the victim reconstructs the attack path, it cannot distinguish which fragments are from which router. In order to reconstruct the attack path, the victim needs to recombine all fragments with the same distance. But not every recombined edge is on the attack path.


To determine the attack path, the support of the router topology is needed. Since a hash function is a one-way function, the IP address cannot be calculated back from the hash value. The router topology is needed to reconstruct the attack path.

If the XOR-ed value of the hashed IP addresses matches the marking information in received packets, the edge will be considered an attack edge. The rest of the reconstruction is deduced similarly. In the present scheme, there is a dependency among the marking information. According to this dependency, the attack edge can be reconstructed. The marking information has no hash and XOR; therefore, a node can get the matching child node easily without the support of the router topology.

In addition, for a given N, the Maekawa set generated is not unique. Based on this feature, we may change the Maekawa set non-periodically to prevent a compromised router from forging marking information. The traceroute dataset contains distinct traceroute paths from a single source There are complete paths among them. In all the tests, we use the single source of the traceroute We simulate the process in which a router marks a packet and the victim reconstructs the attack path. To reduce the number of packets required for reconstruction, the following strategies are adopted: 1 changing the random marking in FMS into orderly marking in this scheme.

The results are shown as Fig. Each data point is averaged over 30 independent tests with an attacker at a certain distance from the victim. The number of packets required for reconstruction in MMS with orderly marking and no rewriting with varying probability is also tested.


Figure 10 shows the simulation result. From Fig. Though there are hundreds of thousands of attackers, MMS works well. This result is obtained from the ideal network environment.

To solve the problems of FMS, namely the large number of false positives, the lack of authentication of marking information and the need for network topology, a novel probabilistic marking scheme, MMS, is proposed.

The Maekawa set makes the marking information and the number of markings optimal. Not only is the overhead for the reordering of fragments heavily reduced, but the marking information can also be checked. The false positive of fragment reordering is 0 in theory and in an ideal network environment.

MMS does not need the support of the network topology, which makes the scheme more practical. The Maekawa set can be changed non-periodically to prevent a compromised router from forging marking information, achieving advanced authentication simply.

The authors thank Jian Zhou for insightful technical discussion.

That is, any node belongs to k request sets. These conditions guarantee that the relationship between any two nodes in a distributed system is expressed and constrained in some subset.
