Browse > Article
http://dx.doi.org/10.13089/JKIISC.2007.17.2.93

Lightweight IP Traceback Mechanism on IPv6 Network Environment  

Heo, Joon (Kyung Hee University)
Kang, Myung-Soo (Plantynet)
Hong, Choong-Seon (Kyung Hee University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.17, no.2, 2007 , pp. 93-102 More about this Journal
Abstract
A serious problem to fight DDoS attacks is that attackers use incorrect or spoofed IP addresses in the attack packets. Due to the stateless nature of the internet, it is a difficult problem to determine the source of these spoofed IP packets. The most of previous studies to prevent and correspond to DDoS attacks using the traceback mechanism have been accomplished in IPv4 environment. Even though a few studies in IPv6 environment were introduced, those have no detailed mechanism to cope with DDoS attacks. The mechanisms for tracing the origin of attacks in IPv6 networks have so many differences from those of IPv4 networks. In this paper we proposed a lightweight IP traceback mechanism in IPv6 network environment. When marking for traceback is needed, the router can generate Hop-by-Hop option and transmit the marked packet. We measured the performance of this mechanism and at the same time meeting the efficient marking for traceback.
Keywords
Traceback; IPv6; Probabilistic Packet Marking;
Citations & Related Records
연도 인용수 순위
  • Reference
1 K. Park and H. Lee, 'On the effectiveness of probabilistic packet marking for IP traceback under denial of service attack,' Tech. Rep. CSD-00-013, Department of Computer Sciences, Purdue University, June 2000
2 Minho Sung and Jun Xu, 'IP traceback-based intelligent packet filtering: a novel technique for defending against Internet DDoS attacks,' IEEE Transactions on Parallel and Distributed Systems, vol. 14, Issue 9, pp. 861-872, September 2003   DOI   ScienceOn
3 Ion Stoica, Hui Zhang, 'Providing Guaranteed Services Without Per Flow Management,' ACM SIGCOMM Computer Communication Review archive, vol. 29, Issue 4, pp. 81-94, Oct. 1999
4 Belenky A. and Ansari N., 'On IP Traceback,' IEEE Communications Magazine, vol. 41, Issue 7, July 2003
5 Tsern Huei Lee, Wei-Kai Wu, Tze-Yau William Huang, 'Scalable packet digesting schemes for IP traceback,' 2004 IEEE International Conference, Vol. 2, pp. 1008-1013, June 2004
6 Strayer W. T., Jones C. E., Tchakountio F. and Snoeren A. C., 'SPIE demonstration: single packet traceback,' Architecture DARPA Information Survivability Conference and Exposition2003 Proceedings, vol. 2, pp. 106-107, April 2003
7 Aljifri H., 'IP traceback: a new denial-ofservice deterrent,' IEEE Security & Privacy Magazine, vol. 1, Issue 3, pp. 24-31, June 2003
8 Stefan Savage, David Wetherall, Anna Karlin, and Tom Anderson, 'Practical network support for IP traceback,' In Proceedings of the 2000 ACM SIGCOMM Conference, August 2000
9 Bao Tung Wang, Schulzrinne H., 'An IP traceback mechanism for reflective DoS attacks,' Electrical and Computer Engineering 2004, Volume 2, pp. 901-904, May 2004
10 W. Stevens and M. Thomas, 'Advanced Sockets API for IPv6,' RFC 2292, February 1998
11 W. Timothy Strayer and Fabrice Tchakountio, 'SPIE-IPv6 : Single IPv6 Packet Traceback,' Proceedings of the IEEE Internation Conference on Local Computer Networks, pp. 118-125, Nov. 2004
12 C. Partridge and A. Jackson, 'IPv6 Router Alert Option,' RFC 2711, October 1999
13 Henry C.J. Lee, Miao Ma, Vrizlynn L.L. Thing and Yi Xu, 'On the Issues of IP Traceback for IPv6 and Mobile IPv6,' Proceedings of the IEEE International Symposium on Computers and Communication, pp. 582-587, July 2003
14 S. Savage et al., 'Network Support for IP Traceback,' IEEE/ACM Trans. Net., vol. 9, no. 3, pp. 226-237, June 2001   DOI   ScienceOn