Affiliation:
1. Beijing Jiaotong University, Beijing, China
Abstract
Distributed denial of service attacks seriously threatens the availability of highly resilient software-defined networking systems, such as data center networks. A traceback scheme is an effective means of mitigating attacks by identifying the location of the attacker and the attacking path. However, traditional traceback schemes suffer from low traceability success rates, high packet header overheads, and high communication traffic overheads, in addition to the fact that logically centralized traceability schemes make the control plane a prime target for attacks. To overcome the above challenges, we propose the low-overhead and high-precision traceback scheme, which is divided into two stages: packet marking and path reconstruction. The first stage of the traceback scheme utilizes programmable switches in the data plane to selectively mark the actual physical path information that the packet was forwarded on. The marking method is adaptive to the path length, which utilizes a combined Bloom filter so that the packet length does not grow with the length of the attacking path. The proposed probabilistic packet marking algorithm effectively reduces the number of packets collected to reconstruct the attacking path. The second stage of the traceback scheme utilizes the distributed victim host to reconstruct the attacking path without the controller and locate the source of the attacker. Theoretical analysis and experimental results show that the proposed scheme ensures the high accuracy of tracing and minimizes the traffic overhead and storage overhead required for the traceback process.
Funder
National Basic Research Program of China
Subject
Computer Networks and Communications,Information Systems
Reference39 articles.
1. A new machine learning-based collaborative ddos mitigation mechanism in software-defined network;S. Mohammed
2. Tracing multiple attackers with deterministic packet marking (dpm);A. Belenky
3. A hybrid optimization algorithm based on ant colony and particle swarm algorithm to address ip traceback problem;A. Saini,2019
4. On design and evaluation of “intention-driven” icmp traceback;A. Mankin
5. Towards an efficient implementation of traceback mechanisms in autonomous systems;K. Boudaoud