Single Packet ICMP Traceback Technique Using Router Interface
M. Vijayalakshmi; S. Mercy Shalinie
DDoS attack; IP spoofing; IP traceback; single packet; packet marking; ICMP traceback
Journal of Information Science and Engineering
Volume 31, Issue 5 (2015/09/01), pages 1757-1778
In the modern technological world, with increasing dependence on the Internet, security threats are on the rise. The Distributed Denial of Service (DDoS) attack is one of the biggest threats. Attackers exhaust network resources while ingeniously hiding their identity, which makes the defense process extremely difficult. Many researchers have proposed solutions to trace back the true origin of an attack. Among them, Internet Control Message Protocol (ICMP) traceback was considered an industry standard by the Internet Engineering Task Force (IETF). ICMP Traceback (ITrace) does not require any change to the existing infrastructure. However, it consumes considerable bandwidth and requires a large number of packets to trace back an attacker. This work proposes a Single Packet ICMP Traceback technique using Router Interface (SPITRI). It traces the origin of a flooding attack with a single ICMP packet. The bandwidth overhead incurred by SPITRI is several times lower than that of ITrace. SPITRI was simulated over the CAIDA Ark dataset. It can trace back the attackers with high accuracy, with zero false positives and zero false negatives. The efficacy of the proposed scheme is demonstrated by simulating it and comparing it with ITrace and the latest router-interface-based single-packet traceback scheme.