A Logless Fast IP Traceback Scheme Against DDoS Attacks in Wireless Ad-hoc Network
Yinan Jing, Xueping Wang, Xiaochun Xiao, Gendu Zhang
School of Information Science & Engineering, Fudan University, Shanghai, 200433, P.R. China
Wireless, Mobile and Multimedia Networks, 2006 IET International Conference
Advisor : I-Long Lin, Han-Chieh Chao
Student : Shih-Hao Peng
Date : 2011/04/26
Outline
• Abstract
• Introduction
• Logless Fast IP traceback scheme
• Simulation Result
• Discussion
• Conclusions
Abstract
• Distributed denial-of-service (DDoS) attacks have become the major threat to wireless ad-hoc networks
• There are some problems with the nodes of wireless ad-hoc networks
– Limited bandwidth
– Computational resources
– Unpredictable routing behaviors
• The authors propose a Logless Fast IP Traceback (LFIT) scheme, based on Probabilistic Packet Marking (PPM), which is applicable to source traceback in wireless ad-hoc networks
• The scheme has faster traceback speed than previous work
Introduction
• IP traceback allows the victim to identify the attack sources even in the presence of IP spoofing
• Several traceback schemes have been proposed for the Internet:
– Link Testing
– Log-based schemes
– ICMP-based iTrace
– Probabilistic Packet Marking (PPM)
• PPM might be the most promising for attack source traceback in wireless ad-hoc networks, because it has more advantages in network and node overhead than other schemes
Logless Fast IP traceback scheme
• The main reason for the slow traceback speed of PPM is that the old marking information can easily be overwritten by downstream routing nodes, due to the limited marking information space in packets
• The authors propose a distributed-log-based scheme which uses logs in routing nodes to conserve the old marking information before a downstream node overwrites it
• The log-based scheme is not applicable to the wireless ad-hoc environment, because it requires log storage space at traceback-enabled nodes and infrastructure support for log collection
Logless Fast IP traceback scheme (Cont.)
Marking Information Hash Table structure
• Each traceback-enabled node has a hash table called the Marking Information Hash Table (MIHashTable)
• This table is used to manage Marking Information Queues (MIQueue) for different destinations
• TimeStamp: records the latest access time of the MIQueue
Logless Fast IP traceback scheme (Cont.)
• The LFIT scheme uses a MIQueue to reserve the old marking information in the packet momentarily before remarking
• The traceback-enabled nodes convey the marking information in the MIQueue towards the victim preferentially
• The marking information reserved in the MIQueue can be conveyed to the victim by producing new packets
• The authors still follow the idea of PPM schemes and use the free space in the packets to transmit the marking information
Logless Fast IP traceback scheme (Cont.)
• The authors assume the marking information space in one packet is enough to store a piece of marking information <oldTTL, nodeid, FlowMark, flag>
– oldTTL: used to obtain the distance (Hops) between the original marking node and the current node
– nodeid: the node identity of the marking node
– FlowMark: hash value of one packet's flow information, which is usually denoted by <source IP, source port, destination IP, destination port, protocol type> of one packet
– flag: the 1-bit flag is used to denote whether one packet has been marked
  – 1: the packet has been marked
  – 0: the packet hasn't been marked
Logless Fast IP traceback scheme (Cont.)
• The MIQueue has two functions, enqueue() and dequeue(), which implement writing and reading marking information
• A piece of marking information reserved in the MIQueue can be represented as <Hops, nodeid, FlowMark>
• The marking information in the MIQueue is conveyed forward as quickly as possible, with a higher priority
• After the victim has received a modest number of marking packets, it can reconstruct the attack paths from the marking information
Logless Fast IP traceback scheme (Cont.)
• First, the victim can identify the attack packets by the intrusion detection system
• Second, the victim uses a hash table called FlowMarkHashTable (FMhtbl_ is a pointer to this table)
Data structure for attack paths reconstruction
In terms of the Hops of the marking information, the authors can sort the different nodeid values in order and yield a NodeList
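
The node-side MIQueue handling and the victim-side NodeList reconstruction described on the slides above, as an added example (not code from the paper or from this presentation). The enqueue/dequeue conditions, the oldTTL rewrite on dequeue, the dict-based packet, the addresses and the single 14-node path are assumptions; `use_queue=False` gives plain PPM overwriting for comparison.

```python
import random
import zlib
from collections import defaultdict, deque

PATH = list(range(1, 15))            # constructed topology: 14 traceback-enabled nodes on one path
DST = "192.0.2.1"                    # constructed victim address
FLOW = zlib.crc32(b"198.51.100.7:4444>192.0.2.1:80/udp") & 0xFFFF  # FlowMark of the constructed flow

class Node:
    def __init__(self, nodeid):
        self.nodeid = nodeid
        self.mihash = {}             # MIHashTable: destination -> [TimeStamp, MIQueue]

    def forward(self, pkt, p, rng, now, use_queue=True):
        pkt["ttl"] -= 1
        entry = self.mihash.setdefault(pkt["dst"], [now, deque()])
        entry[0] = now               # TimeStamp: latest access time of this MIQueue
        queue = entry[1]
        if rng.random() < p:         # this node marks the packet
            if pkt["flag"] == 1 and use_queue:   # assumed rule: enqueue() the old mark first
                queue.append((pkt["oldTTL"] - pkt["ttl"], pkt["nodeid"], pkt["FlowMark"]))
            pkt.update(oldTTL=pkt["ttl"], nodeid=self.nodeid, FlowMark=pkt["flow"], flag=1)
        elif pkt["flag"] == 0 and queue:         # assumed rule: dequeue() into free marking space
            hops, nodeid, flowmark = queue.popleft()
            pkt.update(oldTTL=pkt["ttl"] + hops, nodeid=nodeid, FlowMark=flowmark, flag=1)

def simulate(n_packets, p, use_queue, seed=1):
    """Return (NodeList, packets needed for the full path or None)."""
    rng = random.Random(seed)
    nodes = [Node(i) for i in PATH]
    fm_table = defaultdict(dict)     # FlowMarkHashTable: FlowMark -> {Hops: nodeid}
    needed = None
    for n in range(1, n_packets + 1):
        pkt = dict(dst=DST, flow=FLOW, ttl=64, flag=0, oldTTL=0, nodeid=0, FlowMark=0)
        for node in nodes:
            node.forward(pkt, p, rng, now=n, use_queue=use_queue)
        if pkt["flag"] == 1:         # victim: Hops = oldTTL - received TTL
            fm_table[pkt["FlowMark"]][pkt["oldTTL"] - pkt["ttl"]] = pkt["nodeid"]
        if needed is None and len(fm_table[FLOW]) == len(PATH):
            needed = n
    # Sort by Hops, farthest first, so the NodeList runs from attacker side to victim
    node_list = [nid for _, nid in sorted(fm_table[FLOW].items(), reverse=True)]
    return node_list, needed

if __name__ == "__main__":
    for label, flag in (("LFIT", True), ("plain PPM", False)):
        path, needed = simulate(1000, 0.05, use_queue=flag)
        print(label, "packets needed:", needed, "NodeList:", path)
```

Both modes draw the same marking decisions from the seeded generator, so the difference in packets needed comes only from the MIQueue preserving marks that plain PPM would overwrite.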
Simulation Result
• The authors have implemented the LFIT and Advanced Marking Scheme (AMS) schemes on NS-2
• The number of packets required to reconstruct all paths is a linear function of the number of attackers
• There are 14 traceback-enabled nodes between the attacker and the victim
• The authors used the following two performance metrics to evaluate the performance of LFIT:
– Convergence time of the traceback algorithm
– Average queue length under various parameters
Simulation Result (Cont.)
Average convergence time of AMS and LFIT
• The table shows the average convergence time of the LFIT and AMS schemes
• X: the number of packets required to reconstruct an attack path
• p: the marking probability
Simulation Result (Cont.)
• In order to evaluate the utilization of the MIQueue at different positions under different p, the authors let 200 packets pass through this path towards the same destination
Utilization of MIQueue under various d
Simulation Result (Cont.)
• The picture shows the utilization of the MIQueue at the same position (same d) when p takes different values
Utilization of MIQueue under various p
Simulation Result (Cont.)
• AQL is defined as the average queue length per packet, 0<=AQL<=1
Average Queue Length under various parameters
Discussion
• Although traceback-enabled nodes in the LFIT scheme need neither store nor transmit logs, they have some computational and storage overhead
– When one packet arrives at a node, there is a table query operation
– MIQueues at one node need storage space
• The LFIT scheme can periodically clean up overdue entries from the MIHashTable by TimeStamp
Conclusions
• The authors proposed a logless fast IP traceback scheme, which not only has faster traceback speed than previous traditional PPM schemes, but also has little network and node overhead
• LFIT is a fast and lightweight traceback scheme that is applicable to the wireless ad-hoc environment