TY - GEN
T1 - A design of history based traffic filtering with probabilistic packet marking against DoS attacks
AU - Kiuchi, Tadashi
AU - Hori, Yoshiaki
AU - Sakurai, Kouichi
PY - 2010/11/29
Y1 - 2010/11/29
N2 - Recently, DoS (Denial of Service) attacks have been among the increasing threats on networks. A large number of packets are transmitted to the server that is the target of a DoS attack. Therefore, packet filtering that blocks suspicious packets has been researched. We investigate two packet filtering methods. History-based filtering looks for IP addresses that frequently appear at a router; DoS attack traffic is filtered by dropping packets from IP addresses that are not usually observed. However, this method is weak when the attacker knows how the filtering works. In the filtering approach that uses probabilistic packet marking, traffic arriving over an attack path is blocked, and a technique for intercepting the attack has been proposed. However, non-attackers' traffic is also blocked, and the number of packets needed to reconstruct the route increases because mark information is overwritten. To solve both problems, this paper proposes a filtering approach that combines probabilistic packet marking with observation of source IP addresses. When an attack starts, the attack path is identified from the mark information, and attack packets are filtered based on the router's address records and the mark information. As a result, packets sent by regular users are not filtered even when they are marked on the attack path. This technique achieves a low false-positive rate for benign traffic.
AB - Recently, DoS (Denial of Service) attacks have been among the increasing threats on networks. A large number of packets are transmitted to the server that is the target of a DoS attack. Therefore, packet filtering that blocks suspicious packets has been researched. We investigate two packet filtering methods. History-based filtering looks for IP addresses that frequently appear at a router; DoS attack traffic is filtered by dropping packets from IP addresses that are not usually observed. However, this method is weak when the attacker knows how the filtering works. In the filtering approach that uses probabilistic packet marking, traffic arriving over an attack path is blocked, and a technique for intercepting the attack has been proposed. However, non-attackers' traffic is also blocked, and the number of packets needed to reconstruct the route increases because mark information is overwritten. To solve both problems, this paper proposes a filtering approach that combines probabilistic packet marking with observation of source IP addresses. When an attack starts, the attack path is identified from the mark information, and attack packets are filtered based on the router's address records and the mark information. As a result, packets sent by regular users are not filtered even when they are marked on the attack path. This technique achieves a low false-positive rate for benign traffic.
UR - http://www.scopus.com/inward/record.url?scp=78649295244&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=78649295244&partnerID=8YFLogxK
U2 - 10.1109/SAINT.2010.44
DO - 10.1109/SAINT.2010.44
M3 - Conference contribution
AN - SCOPUS:78649295244
SN - 9780769541075
T3 - Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010
SP - 261
EP - 264
BT - Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010
T2 - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010
Y2 - 19 July 2010 through 23 July 2010
ER -