Efficient AS DoS Traceback (Autonomous System), Mohammed Alenezi, Martin J Reed, Computer Applications...
![Page 1: Efficient AS DoS Traceback (Autonomous System) Mohammed Alenezi, Martin J Reed Computer Applications Technology (ICCAT), 2013 張業正 102062638 1](https://reader036.vdocuments.mx/reader036/viewer/2022081521/5a4d1af77f8b9ab059982357/html5/thumbnails/1.jpg)
Outline
- Background
- Traceback (Related work)
  - DPM, PPM, DPPM
- EAST
- Performance
- Conclusion
Background
The DoS problem has been divided into three parts:
1. Prevention
2. Detection
3. Mitigation
Traceback falls under Mitigation.
Traceback (Related work)
Many techniques have been proposed for traceback:
1. Link testing
2. ICMP (1/20,000)
3. Logging
4. Packet Marking
   - Deterministic Packet Marking (DPM)
   - Probabilistic Packet Marking (PPM)
   - Dynamic Probabilistic Packet Marking (DPPM)
[Diagram labels on this slide: "Storage"]
Deterministic Packet Marking (DPM)
DPM marks every packet at the edge router. It uses 16 bits of the IP header and a 1-bit flag.
Probabilistic Packet Marking (PPM)
- Marking probability: p = 1/25
- 16 bits of the IP header are used: 8 bits of IP address and 8 bits of distance
- Routers fragment 64 bits into 8 x 8 bits, and the victim combines them.
DPM vs. PPM
Dynamic Probabilistic Packet Marking (DPPM)
- Marking probability: p = 1/d
- d is the travelling distance (derived from the packet's TTL)
- Fewer packets are needed to reconstruct the path.
DPPM vs. PPM
TTL drawbacks
1. The initial TTL value is system dependent, so it varies with the sending system.
2. An attacker can intentionally inject packets with different TTL values to confuse the technique.
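The marking behaviour from the PPM and DPPM slides, and the effect of a wrong TTL-based distance, worked through as an added example (not from the original slides or the paper). It assumes each router overwrites earlier marks and that a DPPM router i hops from the source marks with p = 1/i; the path length of 10, the `ttl_error` parameter and the function names are constructed for illustration.

```python
from fractions import Fraction
from itertools import combinations

def mark_distribution(probs):
    """probs[i]: marking probability at router i (index 0 = nearest the source).
    Returns P(packet arrives carrying router i's mark); later routers overwrite."""
    dist = []
    for i, p in enumerate(probs):
        survive = Fraction(1)
        for q in probs[i + 1:]:
            survive *= 1 - q          # no later router overwrites this mark
        dist.append(p * survive)
    return dist

def ppm(d, p=Fraction(1, 25)):
    """Fixed probability p = 1/25 at each of d routers (value from the slide)."""
    return mark_distribution([p] * d)

def dppm(d, ttl_error=0):
    """p = 1/(hops travelled). ttl_error (>= 0, hypothetical parameter) models a
    wrong initial-TTL guess: every router believes the packet has already
    travelled ttl_error extra hops."""
    return mark_distribution([Fraction(1, i + ttl_error) for i in range(1, d + 1)])

def expected_packets(dist):
    """Exact expected number of packets until every router's mark has been seen
    (coupon collector with unequal probabilities, by inclusion-exclusion)."""
    total = Fraction(0)
    for k in range(1, len(dist) + 1):
        sign = 1 if k % 2 else -1
        for subset in combinations(dist, k):
            total += sign / sum(subset)
    return total

if __name__ == "__main__":
    d = 10  # constructed path length
    cases = (("PPM", ppm(d)), ("DPPM", dppm(d)), ("DPPM, TTL off by 5", dppm(d, 5)))
    for name, dist in cases:
        print(f"{name:20s} farthest-router mark {float(dist[0]):.4f}  "
              f"unmarked {float(1 - sum(dist)):.4f}  "
              f"expected packets {float(expected_packets(dist)):.1f}")
```

With a correct distance, DPPM delivers every router's mark with the same probability 1/d; when the TTL-derived distance is too large, a share of packets reaches the victim with no router mark at all and the expected packet count rises.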
EFFICIENT AS TRACEBACK (EAST)
AS (Autonomous System), ASBR, BGP
Aim:
1. Solve the TTL drawbacks.
2. Reduce the number of packets required for the traceback (reducing storage at the victim).
EAST
The 25 bits come from three different fields: Type of Service (TOS), Identification (ID), and reservation flag (RF).
EAST
- Marking probability: p = 1/(a-2)
- a is the number of ASs from the attacker to the AS of the victim.
- EAST performs traceback at the AS level, so a can be known in advance.
- This solves the TTL problem.
- 32 bits are hashed to 22 bits.
EAST algorithm
Performance and Analysis
Conclusion
There are many ways to perform DoS traceback. EAST may be better than PPM and DPPM.
THANK YOU.