Abstract

Info

Author(s):: Zong Yian¹; Dou Wanfeng¹; ²; 1.School of Mathematics and Computer Science,Nanjing Normal University,Nanjing 210097,China;2.National Important Laboratory of Computer Software New Technology,Nanjing University,Nanjing 210093,China

Keywords:: den ial of serv ice attack; IP traceback; dete rm inistic packetm a rking; MAC- based authentication

Abstract:: Determ in istic packet m ark ing ( DPM ) a lgo rithm only requires edge routers to pe rfo rm packe tm arking and can trace a large number of a ttackers sim ultaneously w ith on ly a few packets from each attacker. For that, comprom ised routers, e ither edge route rs o r transit routers, can eas ily forge packetm ark ings to prevent the v ictim perform ing reconstruction successfu lly. For that, a new schem e, nam ely MAC - based Authenticated DPM ( ADPM ), is proposed. Researches ind ica te that ADPM algor ithm supplies sufficien t secur ity tha t attackers in subnets o r com prom ised routers cannot forgem arkings, wh ich assures the veracity o f address reconstruc tion a t the v ictim.