Single-packet attack can be tracked with logging-based IP traceback approaches, whereas DDoS attack can be tracked with marking-based approaches. However, both approaches have their limits. Logging-based approaches incur heavy overhead for packet-digest storage as well as time overhead for both path recording and recovery. Marking-based approaches incur little traceback overhead but are unable to track single packets. Simply deploying both approaches in the same network to deal with single-packet and DDoS attacks is not an efficient solution due to the heavy traceback overhead. Recent studies suggest that hybrid approaches are more efficient as they consume less router memory to store packet digests and require fewer attack packets to recover attack paths. Thus, the hybrid single packet traceback approach is more promising in efficiently tracking both single-packet and DDoS attacks. The major challenge lies in reducing storage and time overhead while maintaining single-packet traceback capability. We present in this paper a new hybrid approach to efficiently track single-packet attacks by designing a novel path fragment encoding scheme using the orthogonality of Walsh matrix and the degree distribution characteristic of router-level topologies. Compared to HIT (Hybrid IP Traceback), which, to the best of our knowledge, is the most efficient hybrid approach for single-packet traceback, our approach has three advantages. First, it reduces the overhead by 2/3 in both storage and time for recording packet paths. Second, the time overhead for recovering packet paths is also reduced by a calculatable amount. Finally, our approach generates no more than 2/3 of the false-positive paths generated by HIT.
Yulong WANG
Beijing University of Posts and Telecommunications
Ji REN
Beijing University of Posts and Telecommunications
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copy
Yulong WANG, Ji REN, "WHIT: A More Efficient Hybrid Method for Single-Packet IP Traceback Using Walsh Matrix and Router Degree Distribution" in IEICE TRANSACTIONS on Communications,
vol. E96-B, no. 7, pp. 1896-1907, July 2013, doi: 10.1587/transcom.E96.B.1896.
Abstract: Single-packet attack can be tracked with logging-based IP traceback approaches, whereas DDoS attack can be tracked with marking-based approaches. However, both approaches have their limits. Logging-based approaches incur heavy overhead for packet-digest storage as well as time overhead for both path recording and recovery. Marking-based approaches incur little traceback overhead but are unable to track single packets. Simply deploying both approaches in the same network to deal with single-packet and DDoS attacks is not an efficient solution due to the heavy traceback overhead. Recent studies suggest that hybrid approaches are more efficient as they consume less router memory to store packet digests and require fewer attack packets to recover attack paths. Thus, the hybrid single packet traceback approach is more promising in efficiently tracking both single-packet and DDoS attacks. The major challenge lies in reducing storage and time overhead while maintaining single-packet traceback capability. We present in this paper a new hybrid approach to efficiently track single-packet attacks by designing a novel path fragment encoding scheme using the orthogonality of Walsh matrix and the degree distribution characteristic of router-level topologies. Compared to HIT (Hybrid IP Traceback), which, to the best of our knowledge, is the most efficient hybrid approach for single-packet traceback, our approach has three advantages. First, it reduces the overhead by 2/3 in both storage and time for recording packet paths. Second, the time overhead for recovering packet paths is also reduced by a calculatable amount. Finally, our approach generates no more than 2/3 of the false-positive paths generated by HIT.
URL: https://global.ieice.org/en_transactions/communications/10.1587/transcom.E96.B.1896/_p
Copy
@ARTICLE{e96-b_7_1896,
author={Yulong WANG, Ji REN, },
journal={IEICE TRANSACTIONS on Communications},
title={WHIT: A More Efficient Hybrid Method for Single-Packet IP Traceback Using Walsh Matrix and Router Degree Distribution},
year={2013},
volume={E96-B},
number={7},
pages={1896-1907},
abstract={Single-packet attack can be tracked with logging-based IP traceback approaches, whereas DDoS attack can be tracked with marking-based approaches. However, both approaches have their limits. Logging-based approaches incur heavy overhead for packet-digest storage as well as time overhead for both path recording and recovery. Marking-based approaches incur little traceback overhead but are unable to track single packets. Simply deploying both approaches in the same network to deal with single-packet and DDoS attacks is not an efficient solution due to the heavy traceback overhead. Recent studies suggest that hybrid approaches are more efficient as they consume less router memory to store packet digests and require fewer attack packets to recover attack paths. Thus, the hybrid single packet traceback approach is more promising in efficiently tracking both single-packet and DDoS attacks. The major challenge lies in reducing storage and time overhead while maintaining single-packet traceback capability. We present in this paper a new hybrid approach to efficiently track single-packet attacks by designing a novel path fragment encoding scheme using the orthogonality of Walsh matrix and the degree distribution characteristic of router-level topologies. Compared to HIT (Hybrid IP Traceback), which, to the best of our knowledge, is the most efficient hybrid approach for single-packet traceback, our approach has three advantages. First, it reduces the overhead by 2/3 in both storage and time for recording packet paths. Second, the time overhead for recovering packet paths is also reduced by a calculatable amount. Finally, our approach generates no more than 2/3 of the false-positive paths generated by HIT.},
keywords={},
doi={10.1587/transcom.E96.B.1896},
ISSN={1745-1345},
month={July},}
Copy
TY - JOUR
TI - WHIT: A More Efficient Hybrid Method for Single-Packet IP Traceback Using Walsh Matrix and Router Degree Distribution
T2 - IEICE TRANSACTIONS on Communications
SP - 1896
EP - 1907
AU - Yulong WANG
AU - Ji REN
PY - 2013
DO - 10.1587/transcom.E96.B.1896
JO - IEICE TRANSACTIONS on Communications
SN - 1745-1345
VL - E96-B
IS - 7
JA - IEICE TRANSACTIONS on Communications
Y1 - July 2013
AB - Single-packet attack can be tracked with logging-based IP traceback approaches, whereas DDoS attack can be tracked with marking-based approaches. However, both approaches have their limits. Logging-based approaches incur heavy overhead for packet-digest storage as well as time overhead for both path recording and recovery. Marking-based approaches incur little traceback overhead but are unable to track single packets. Simply deploying both approaches in the same network to deal with single-packet and DDoS attacks is not an efficient solution due to the heavy traceback overhead. Recent studies suggest that hybrid approaches are more efficient as they consume less router memory to store packet digests and require fewer attack packets to recover attack paths. Thus, the hybrid single packet traceback approach is more promising in efficiently tracking both single-packet and DDoS attacks. The major challenge lies in reducing storage and time overhead while maintaining single-packet traceback capability. We present in this paper a new hybrid approach to efficiently track single-packet attacks by designing a novel path fragment encoding scheme using the orthogonality of Walsh matrix and the degree distribution characteristic of router-level topologies. Compared to HIT (Hybrid IP Traceback), which, to the best of our knowledge, is the most efficient hybrid approach for single-packet traceback, our approach has three advantages. First, it reduces the overhead by 2/3 in both storage and time for recording packet paths. Second, the time overhead for recovering packet paths is also reduced by a calculatable amount. Finally, our approach generates no more than 2/3 of the false-positive paths generated by HIT.
ER -