Traceback of DOS Over Autonomous Systems

Keywords: Autonomous System, DoS, Packet Marking, Network Security, Traceback

Abstract: Denial of service (DoS) is a significant security threat in open networks such as the Internet. The existing limitations of the Internet protocols and the common availability of tools make a DoS attack both effective and easy to launch. There are many different forms of DoS attack, and the attack size can be amplified from a single attacker to a distributed attack such as a distributed denial of service (DDoS). IP traceback is one important tool proposed as part of DoS mitigation, and a number of traceback techniques have been proposed, including probabilistic packet marking (PPM). PPM is a promising technique that can be used to trace the complete path back from a victim to the attacker by encoding each router's 32-bit IP address in at least one packet of a traffic flow. However, in a network with multiple hops through a number of autonomous systems (AS), as is common with most Internet services, it may be undesirable for every router to contribute to packet marking or for an AS to reveal its internal routing structure. This paper proposes two new efficient autonomous system (AS) traceback techniques to identify the AS of the attacker by probabilistically marking the packets. Traceback on the AS level has a number of advantages, including a reduction in the number of bits to be encoded and a reduction in the number of routers that need to participate in the marking. Our results show better performance compared to PPM and other techniques.
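To illustrate why fewer marking nodes help the victim, the following added example (not code from the paper, and not either of its two proposed techniques) simulates generic node-sampling PPM and counts the packets needed before every marker on the path has been seen. The path lengths, addresses, AS numbers and marking probability are constructed assumptions.

```python
import math
import random

def mark_packet(path, p, rng):
    """Return the mark a packet carries on arrival at the victim.

    path is ordered attacker -> victim; each marking node overwrites the
    single mark field with probability p (node sampling).
    """
    mark = None
    for node in path:
        if rng.random() < p:
            mark = node
    return mark

def packets_until_full_path(path, p, rng, limit=1_000_000):
    """Count packets the victim must receive before every node has marked one."""
    seen = set()
    for count in range(1, limit + 1):
        mark = mark_packet(path, p, rng)
        if mark is not None:
            seen.add(mark)
        if len(seen) == len(path):
            return count, seen
    raise RuntimeError("path not recovered within packet limit")

def expected_packets_bound(d, p):
    """Commonly cited estimate for d marking nodes: ln(d) / (p(1-p)^(d-1))."""
    return math.log(d) / (p * (1 - p) ** (d - 1))

# Constructed sample paths (documentation address space and documentation ASNs).
ROUTER_PATH = [f"192.0.2.{i}" for i in range(1, 16)]      # 15 router hops
AS_PATH = ["AS64500", "AS64501", "AS64502", "AS64503"]    # 4 AS-level markers
P = 0.04  # marking probability, an assumed value

if __name__ == "__main__":
    rng = random.Random(1)
    for name, path in (("router", ROUTER_PATH), ("AS", AS_PATH)):
        runs = [packets_until_full_path(path, P, rng)[0] for _ in range(200)]
        print(f"{name:6s} markers={len(path):2d} "
              f"mean packets={sum(runs) / len(runs):7.1f} "
              f"bound={expected_packets_bound(len(path), P):7.1f}")
```

The node farthest from the victim is the bottleneck: its mark survives only if no later node overwrites it, so shortening the marker chain from 15 routers to 4 AS-level markers raises that survival probability and lowers the packet count.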