LPM: A lightweight authenticated packet marking approach for IP traceback
IP traceback approaches have an important role to play in mitigating the attacks based on IP spoofing like Denial of service/Distributed denial of service attacks. Due to the obvious significance of such attacks, numerous approaches have been proposed in the literature. However, as per our observati...
Gespeichert in:
| Veröffentlicht in: | Computer networks (Amsterdam, Netherlands : 1999) Netherlands : 1999), 2018-07, Vol.140, p.41-50 |
|---|---|
| Hauptverfasser: | , |
| Format: | Artikel |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | 50 |
|---|---|
| container_issue | |
| container_start_page | 41 |
| container_title | Computer networks (Amsterdam, Netherlands : 1999) |
| container_volume | 140 |
| creator | Patel, Hasmukh Jinwala, Devesh C |
| description | IP traceback approaches have an important role to play in mitigating the attacks based on IP spoofing like Denial of service/Distributed denial of service attacks. Due to the obvious significance of such attacks, numerous approaches have been proposed in the literature. However, as per our observations, there is still a scope to improve the IP traceback techniques especially in terms of reducing the number of false-positives, reducing the number of packets required at the victim node and the requirement of an upstream router map.
Motivated by this observation, in this paper, we propose a novel Light-weight Packet Marking (LPM) that is a probabilistic packet marking (PPM) approach, to trace back the sources of an attack. LPM improves upon the existing PPM approaches in the number of packets required by the victim to reconstruct the attack paths, reduced false-positives and support incremental deployment. It does not even require an upstream router map. LPM also authenticates the marking that enables a victim to detect the attackers attempts to forge the marking. LPM uses multiple hash functions to reduce the false positives further to zero. We carry out experimental analysis as well as security analysis of LPM considering attacker and compromised routers in our attacker model. |
| doi_str_mv | 10.1016/j.comnet.2018.04.014 |
| format | Article |
| fullrecord | <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_journals_2094502941</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><els_id>S1389128618301786</els_id><sourcerecordid>2094502941</sourcerecordid><originalsourceid>FETCH-LOGICAL-c334t-ed7c9c13b3f062f278df089e4450d0492256c06cf1a227e9fed0d36cd843d0da3</originalsourceid><addsrcrecordid>eNp9UMtOwzAQjBBIlMIfcLDEOWH9aGJzQKoQj0pF9ABny7U3rdM2KY4L4u9xFc5cducwM7szWXZNoaBAy9umsN2uxVgwoLIAUQAVJ9mIyorlFZTqNGEuVU6ZLM-zi75vAEAIJkfZbL54vSNTsvWrdfzG4yTmENfYRm9NREf2xm4wkp0JG9-uiNnvQ2fsmtRdILMFicFYXCbOZXZWm22PV397nH08Pb4_vOTzt-fZw3SeW85FzNFVVlnKl7yGktWskq4GqVCICTgQirFJaaG0NTWMVahqdOB4aZ0UPCHDx9nN4Jv--DxgH3XTHUKbTmoGKrkwJWhiiYFlQ9f3AWu9Dz5l-NEU9LE03eihNH0sTYPQqbQkux9kmBJ8eQy6tx5bi84HtFG7zv9v8AufFXah</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2094502941</pqid></control><display><type>article</type><title>LPM: A lightweight authenticated packet marking approach for IP traceback</title><source>Elsevier ScienceDirect Journals</source><creator>Patel, Hasmukh ; Jinwala, Devesh C</creator><creatorcontrib>Patel, Hasmukh ; Jinwala, Devesh C</creatorcontrib><description>IP traceback approaches have an important role to play in mitigating the attacks based on IP spoofing like Denial of service/Distributed denial of service attacks. Due to the obvious significance of such attacks, numerous approaches have been proposed in the literature. However, as per our observations, there is still a scope to improve the IP traceback techniques especially in terms of reducing the number of false-positives, reducing the number of packets required at the victim node and the requirement of an upstream router map.
Motivated by this observation, in this paper, we propose a novel Light-weight Packet Marking (LPM) that is a probabilistic packet marking (PPM) approach, to trace back the sources of an attack. LPM improves upon the existing PPM approaches in the number of packets required by the victim to reconstruct the attack paths, reduced false-positives and support incremental deployment. It does not even require an upstream router map. LPM also authenticates the marking that enables a victim to detect the attackers attempts to forge the marking. LPM uses multiple hash functions to reduce the false positives further to zero. We carry out experimental analysis as well as security analysis of LPM considering attacker and compromised routers in our attacker model.</description><identifier>ISSN: 1389-1286</identifier><identifier>EISSN: 1872-7069</identifier><identifier>DOI: 10.1016/j.comnet.2018.04.014</identifier><language>eng</language><publisher>Amsterdam: Elsevier B.V</publisher><subject>Cybersecurity ; Denial of service attacks ; Internet Protocol ; IP (Internet Protocol) ; IP spoofing attacks ; IP traceback ; Lightweight ; Marking ; Packet marking ; Routers ; Securities analysis ; Spoofing ; Studies ; Upstream ; Weight reduction</subject><ispartof>Computer networks (Amsterdam, Netherlands : 1999), 2018-07, Vol.140, p.41-50</ispartof><rights>2018 Elsevier B.V.</rights><rights>Copyright Elsevier Sequoia S.A. Jul 20, 2018</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c334t-ed7c9c13b3f062f278df089e4450d0492256c06cf1a227e9fed0d36cd843d0da3</citedby><cites>FETCH-LOGICAL-c334t-ed7c9c13b3f062f278df089e4450d0492256c06cf1a227e9fed0d36cd843d0da3</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://www.sciencedirect.com/science/article/pii/S1389128618301786$$EHTML$$P50$$Gelsevier$$H</linktohtml><link.rule.ids>314,776,780,3536,27903,27904,65309</link.rule.ids></links><search><creatorcontrib>Patel, Hasmukh</creatorcontrib><creatorcontrib>Jinwala, Devesh C</creatorcontrib><title>LPM: A lightweight authenticated packet marking approach for IP traceback</title><title>Computer networks (Amsterdam, Netherlands : 1999)</title><description>IP traceback approaches have an important role to play in mitigating the attacks based on IP spoofing like Denial of service/Distributed denial of service attacks. Due to the obvious significance of such attacks, numerous approaches have been proposed in the literature. However, as per our observations, there is still a scope to improve the IP traceback techniques especially in terms of reducing the number of false-positives, reducing the number of packets required at the victim node and the requirement of an upstream router map.
Motivated by this observation, in this paper, we propose a novel Light-weight Packet Marking (LPM) that is a probabilistic packet marking (PPM) approach, to trace back the sources of an attack. LPM improves upon the existing PPM approaches in the number of packets required by the victim to reconstruct the attack paths, reduced false-positives and support incremental deployment. It does not even require an upstream router map. LPM also authenticates the marking that enables a victim to detect the attackers attempts to forge the marking. LPM uses multiple hash functions to reduce the false positives further to zero. We carry out experimental analysis as well as security analysis of LPM considering attacker and compromised routers in our attacker model.</description><subject>Cybersecurity</subject><subject>Denial of service attacks</subject><subject>Internet Protocol</subject><subject>IP (Internet Protocol)</subject><subject>IP spoofing attacks</subject><subject>IP traceback</subject><subject>Lightweight</subject><subject>Marking</subject><subject>Packet marking</subject><subject>Routers</subject><subject>Securities analysis</subject><subject>Spoofing</subject><subject>Studies</subject><subject>Upstream</subject><subject>Weight reduction</subject><issn>1389-1286</issn><issn>1872-7069</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2018</creationdate><recordtype>article</recordtype><recordid>eNp9UMtOwzAQjBBIlMIfcLDEOWH9aGJzQKoQj0pF9ABny7U3rdM2KY4L4u9xFc5cducwM7szWXZNoaBAy9umsN2uxVgwoLIAUQAVJ9mIyorlFZTqNGEuVU6ZLM-zi75vAEAIJkfZbL54vSNTsvWrdfzG4yTmENfYRm9NREf2xm4wkp0JG9-uiNnvQ2fsmtRdILMFicFYXCbOZXZWm22PV397nH08Pb4_vOTzt-fZw3SeW85FzNFVVlnKl7yGktWskq4GqVCICTgQirFJaaG0NTWMVahqdOB4aZ0UPCHDx9nN4Jv--DxgH3XTHUKbTmoGKrkwJWhiiYFlQ9f3AWu9Dz5l-NEU9LE03eihNH0sTYPQqbQkux9kmBJ8eQy6tx5bi84HtFG7zv9v8AufFXah</recordid><startdate>20180720</startdate><enddate>20180720</enddate><creator>Patel, Hasmukh</creator><creator>Jinwala, Devesh C</creator><general>Elsevier B.V</general><general>Elsevier Sequoia S.A</general><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>8FD</scope><scope>E3H</scope><scope>F2A</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope></search><sort><creationdate>20180720</creationdate><title>LPM: A lightweight authenticated packet marking approach for IP traceback</title><author>Patel, Hasmukh ; Jinwala, Devesh C</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c334t-ed7c9c13b3f062f278df089e4450d0492256c06cf1a227e9fed0d36cd843d0da3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2018</creationdate><topic>Cybersecurity</topic><topic>Denial of service attacks</topic><topic>Internet Protocol</topic><topic>IP (Internet Protocol)</topic><topic>IP spoofing attacks</topic><topic>IP traceback</topic><topic>Lightweight</topic><topic>Marking</topic><topic>Packet marking</topic><topic>Routers</topic><topic>Securities analysis</topic><topic>Spoofing</topic><topic>Studies</topic><topic>Upstream</topic><topic>Weight reduction</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Patel, Hasmukh</creatorcontrib><creatorcontrib>Jinwala, Devesh C</creatorcontrib><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Technology Research Database</collection><collection>Library & Information Sciences Abstracts (LISA)</collection><collection>Library & Information Science Abstracts (LISA)</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>Computer networks (Amsterdam, Netherlands : 1999)</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Patel, Hasmukh</au><au>Jinwala, Devesh C</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>LPM: A lightweight authenticated packet marking approach for IP traceback</atitle><jtitle>Computer networks (Amsterdam, Netherlands : 1999)</jtitle><date>2018-07-20</date><risdate>2018</risdate><volume>140</volume><spage>41</spage><epage>50</epage><pages>41-50</pages><issn>1389-1286</issn><eissn>1872-7069</eissn><abstract>IP traceback approaches have an important role to play in mitigating the attacks based on IP spoofing like Denial of service/Distributed denial of service attacks. Due to the obvious significance of such attacks, numerous approaches have been proposed in the literature. However, as per our observations, there is still a scope to improve the IP traceback techniques especially in terms of reducing the number of false-positives, reducing the number of packets required at the victim node and the requirement of an upstream router map.
Motivated by this observation, in this paper, we propose a novel Light-weight Packet Marking (LPM) that is a probabilistic packet marking (PPM) approach, to trace back the sources of an attack. LPM improves upon the existing PPM approaches in the number of packets required by the victim to reconstruct the attack paths, reduced false-positives and support incremental deployment. It does not even require an upstream router map. LPM also authenticates the marking that enables a victim to detect the attackers attempts to forge the marking. LPM uses multiple hash functions to reduce the false positives further to zero. We carry out experimental analysis as well as security analysis of LPM considering attacker and compromised routers in our attacker model.</abstract><cop>Amsterdam</cop><pub>Elsevier B.V</pub><doi>10.1016/j.comnet.2018.04.014</doi><tpages>10</tpages></addata></record> |
| fulltext | fulltext |
| identifier | ISSN: 1389-1286 |
| ispartof | Computer networks (Amsterdam, Netherlands : 1999), 2018-07, Vol.140, p.41-50 |
| issn | 1389-1286 1872-7069 |
| language | eng |
| recordid | cdi_proquest_journals_2094502941 |
| source | Elsevier ScienceDirect Journals |
| subjects | Cybersecurity Denial of service attacks Internet Protocol IP (Internet Protocol) IP spoofing attacks IP traceback Lightweight Marking Packet marking Routers Securities analysis Spoofing Studies Upstream Weight reduction |
| title | LPM: A lightweight authenticated packet marking approach for IP traceback |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-25T06%3A05%3A23IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=LPM:%20A%20lightweight%20authenticated%20packet%20marking%20approach%20for%20IP%20traceback&rft.jtitle=Computer%20networks%20(Amsterdam,%20Netherlands%20:%201999)&rft.au=Patel,%20Hasmukh&rft.date=2018-07-20&rft.volume=140&rft.spage=41&rft.epage=50&rft.pages=41-50&rft.issn=1389-1286&rft.eissn=1872-7069&rft_id=info:doi/10.1016/j.comnet.2018.04.014&rft_dat=%3Cproquest_cross%3E2094502941%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2094502941&rft_id=info:pmid/&rft_els_id=S1389128618301786&rfr_iscdi=true |