Abstract Distributed denial of service attack has become a challenging threat in today’s Internet. The adversaries often use spoofed IP addresses, which in turn makes the defense process very difficult. The sophistication of the attack is increasing due to the difficulty in tracing back the origin of attack. The researchers have contributed many traceback schemes to find out the origin of such attacks. In the majority of the existing methods they either mark the packets or log the hash digest of the packets at the routers in the attack path, which is computational and storage intensive. The proposed IP trace back scheme is an User Datagram Protocolbased (UDP) approach using packet marking which requires computation and storage only at the edge router and victim and hence it does not overload the intermediate routers in the attack path. Unlike existing traceback schemes which requires numerous packets to traceback an attacker, the proposed scheme requires only a single trace information marked packet to identify an attacker. It supports incremental deployment which is a desirable characteristic of a practical traceback scheme. The work was simulated with real time Internet dataset from the Cooperative Association for Internet Data Analysis (CAIDA) and found that the storage requirement at the victim is less than 1.2 MB which is nearly 3413 times lesser than the existing related packet marking method. It was also implemented in real time in the experimental DDoS Test Bed the efficacy of the system was evaluated.

References

[1] Al-Duwairi B. and Govindarasu M., Novel Hybrid Schemes Employing Packet Marking and Logging for IP Traceback, IEEE Transactions on Parallel and Distributed Systems, vol. 17, no. 5, pp. 403-418, 2006.

[2] Alenezi M. and Reed M., Uniform DoS traceback, Computers and Security, vol. 45, pp. 17- 26, 2014.

[3] ArborNetworks, DDoS Attacks and the Ostrich Mentality, http://www.arbornetworks.com, Last Visited 2017.

[4] Belenky A. and Ansari N., IP Traceback with Deterministic Packet Marking, IEEE Communication Letters, vol. 7, no. 4, pp. 162- 164, 2003.

[5] Belenky A. and Ansari N., On Deterministic Packet Marking, Computer Networks, vol. 51, no. 10, pp. 2677-2700, 2007.

[6] Bellovin SM. ICMP Traceback Messages. Internet Draft: draft-bellovin-itrace-00.txt, Last Visited 2000.

[7] CAIDA s Skitter Project CAIDA, http://www.caida.org/tools/measurement/skitter/ Last Visited 2017. UDP based IP Traceback for Flooding DDoS Attack 111

[8] Click Modular Router: www.read.cs.ucla.edu/click/click, Last Visited 2014.

[9] Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers, RFC2474, Network Working Group, 1998, https://tools.ietf.org/html/rfc2474, Last Visited 2017.

[10] Gong C. and Sarac K., A More Practical Approach for Single-Packet IPTraceback Using Packet Logging and Marking, IEEE Transactions on Parallel and Distributed Systems, vol. 19, no. 10, pp. 1310 -1324, 2008.

[11] Goodrich MT., Probabilistic Packet Marking for Large-Scale IP Traceback, IEEE/ACM Transactions on Networking, vol. 16, no. 1, pp. 15-24, 2008.

[12] Jeonga E. and Lee B., An IP Traceback Protocol Using a Compressed Hash Table, a Sinkhole Router and Data Mining Based on Network Forensics against Network Attacks, Future Generation Computer Systems, vol. 33, pp 42 -52, 2014.

[13] Lu N., Wang Y., Su S. and Yang F., A Novel Path-Based Approach for Single-Packet IP Traceback, Security Communication. Networks, vol. 7, no. 2, pp. 309-321, 2014.

[14] Sachdeva M., Singh G., Kumar K., and Singh K., DDoS Incidents and their Impact: A Review, The International Arab Journal of Information Technology, vol. 7, no. 1, pp. 14 - 20, 2010.

[15] Saurabh S. and Sairam AS., ICMP Based IP Traceback with Negligible Overhead for Highly Distributed Reflector Attack Using Bloom Filters, Computer Communications, vol. 42, no 1, pp 60-69, 2014.

[16] Savage S., Wetherall D., Karlin A., and Anderson T., Network Support for IP Traceback, IEEE/ACM Transactions on Networking, vol. 9, no. 3, pp. 226-237, 2001.

[17] Snoeren A., Partridge C., Sanchez L., Jones C., Tchakountio F., Schwartz B., Kent S., and Strayer W., Single-packet IP Traceback, IEEE/ACM Transactions on Networking, vol. 10, no. 6, pp. 721-734, 2002.

[18] Sung M., Jun X., Jun L., and Li L., Large-Scale IP Traceback in High-Speed Internet: Practical Techniques and Information-Theoretic Foundation, IEEE/ACM Transactions on Networking, vol. 16, no. 6, pp. 1253-1266, 2008.

[19] TCPDUMP: www.tcpdump.org, Last Visited 2017.

[20] Tian H. and Bi J., An Incrementally Deployable Flow-Based Scheme for IP Traceback, IEEE Communications Letters, vol. 16, no. 7, pp. 1140- 1143, 2012.

[21] Tseng Y., Chen H., and Hsieh W., Probabilistic Packet Marking with Non-Preemptive Compensation, IEEE Communications Letters, vol. 8, no. 6, pp. 359-361, 2004.

[22] Yang M. and Yang M., RIHT: A Novel Hybrid IP Traceback Scheme, IEEE Transactions on Information Forensics and Security, vol. 7, no. 2, pp. 789- 797, 2012.

[23] Xiang Y., Li K., and Zhou W., Low-Rate DDoS Attacks Detection and Traceback by Using New Information Metrics, IEEE Transactions on Information Forensics and Security, vol. 6, no. 2, pp. 42 -437, 2011.

[24] Xiang Y., Zhou W., and Guo M., Flexible Deterministic Packet Marking: An IP Traceback System to Find the Real Source of Attacks, IEEE Transactions on Parallel and Distributed Systems, vol. 20, no. 4, pp. 567-580, 2009. Vijayalakshmi Murugesan received the Ph.D. degree in information andcommunication engineering at Anna University, India. She is currently inDepartment of Computer Science and Engineering, Thiagarajar College ofEngineering, India. She serves as a reviewer to several journals including IET Information Security, Wiley Security and Communication Networks.Her research interests include network security, Digital Forensics andInternet of Things. MercyShalinie Selvaraj is currently an Associate Professor and Head of the Department of Computer Science and Engineering, Thiagarajar College of Engineering, Madurai, India. Her research interest includes AI, Machine Learning and Information Security. She has the distinction of publishing over 75 research papers in refereed International and National Journals and Conferences. Her sustained research interest has made her complete sponsored R&D projects from DRDO, AICTE, DeitY, DST, NTRO, Honeywell and Yahoo. Her passion to work in Free/Open Source Software has lead to the development of ICT Framework for Thiagarajar College of Engineering which has received National level accolades. She received her Ph.D. (Computer Science and Engineering) in 2000 from Madurai Kamaraj University. She has Post Doctoral Research experience at University of California, Irvine, USA and Monash University, Melbourne, Australia.