Network Support for IP Traceback
This paper describes a technique for tracing anonymous packet flooding attacks in the Internet back toward their source. This work is motivated by the increased frequency and sophistication of denial-of-service attacks and by the difficulty in tracing packets with incorrect, or “spoofed,” source addresses. In this paper, we describe a general purpose traceback mechanism based on probabilistic packet marking in the network.
Our approach allows a victim to identify the network path(s) traversed by attack traffic without requiring interactive operational support from Internet Service Providers (ISPs). Moreover, this traceback can be performed “post mortem,” after an attack has completed. We present an implementation of this technology that is incrementally deployable, (mostly) backward compatible, and can be efficiently implemented using conventional technology.
Denial of service attacks consume the resources of a remote host or network, thereby denying or degrading service to legitimate users. Such attacks are among the hardest security problems to address because they are simple to implement, difficult to prevent, and very difficult to trace. In the last several years, Internet denial-of-service attacks have increased in frequency, severity, and sophistication. Howard reports that between the years of 1989 and 1995, the number of such attacks reported to the Computer Emergency Response Team (CERT) increased by 50% per year.
More recently, a 1999 CSI/FBI survey reports that 32% of respondents detected denial-of-service attacks directed against their sites. Even more worrying, recent reports indicate that attackers have developed tools to coordinate distributed attacks from many separate sites.
A perfect solution to this problem is complicated by the potential use of indirection to “launder” the true causal origin of an attack. For example, an attack may consist of packets sent from many different slave machines, themselves under the control of a remote master machine.
In this paper, we present a new approach to the traceback problem that addresses the needs of both victims and network operators. Our solution is to probabilistically mark packets with partial path information as they arrive at routers. This approach exploits the observation that attacks generally comprise large numbers of packets. While each marked packet represents only a “sample” of the path it has traversed, by combining a modest number of such packets a victim can reconstruct the entire path. This allows victims to locate the approximate source of attack traffic without requiring the assistance of outside network operators. Moreover, this determination can be made even after an attack has completed. Both facets of our solution represent substantial improvements over existing capabilities for dealing with flooding-style denial-of-service attacks.
We have argued that denial-of-service attacks motivate the development of improved traceback capabilities and we have explored traceback algorithms based on packet marking in the network. We have shown that this class of algorithm, best embodied in edge sampling, can enable efficient and robust multiparty traceback that can be incrementally deployed and efficiently implemented. As well, we have developed variant algorithms that sacrifice convergence time and robustness for reduced per-packet space requirements. Finally, we have suggested one potential deployment strategy using such an algorithm based on overloading existing IP header fields and we have demonstrated that this implementation is capable of fully tracing an attack after having received only a few thousand packets. We believe our solution represents a valuable first step toward an automated network-wide traceback facility. Several areas remain to be addressed in future work, such as improving robustness under distributed attacks and tracing past points of indirection such as reflectors.
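The marking and reconstruction steps summarized above can be simulated end to end. The following is an added example, not code from the paper: it follows the edge-sampling idea (each router either starts a new edge mark with probability p or completes and ages the mark already in the packet) for a single attack path. The router names, the marking probability 0.04, the packet count and the dictionary packet model are assumptions made for the simulation.

```python
import random
from collections import Counter

PATH = [f"R{i}" for i in range(1, 11)]  # constructed path; R1 is nearest the sender

def router_mark(pkt, router, p, rng):
    """Edge sampling at one router: start a new edge with probability p,
    otherwise complete and age the edge already carried in the packet."""
    if rng.random() < p:
        pkt["start"], pkt["distance"] = router, 0
    else:
        if pkt["distance"] == 0:
            pkt["end"] = router  # this router is the near end of the edge
        pkt["distance"] += 1

def send(path, p, rng):
    """One flood packet crossing `path`. The sender controls the initial
    mark fields, so they start out forged (assumed worst case)."""
    pkt = {"start": "FORGED", "end": "FORGED", "distance": 0}
    for router in path:
        router_mark(pkt, router, p, rng)
    return pkt

def reconstruct(packets):
    """Victim side, single-path simplification: pick the most common edge
    seen at each distance, then walk outward from the victim while every
    edge's near end matches the hop found one step closer."""
    votes = {}
    for pkt in packets:
        end = "victim" if pkt["distance"] == 0 else pkt["end"]
        votes.setdefault(pkt["distance"], Counter())[(pkt["start"], end)] += 1
    hops, prev, dist = [], "victim", 0
    while dist in votes:
        start, end = votes[dist].most_common(1)[0][0]
        if end != prev:
            break
        hops.append(start)
        prev, dist = start, dist + 1
    return hops

def demo(n_packets=5000, p=0.04, seed=1):
    rng = random.Random(seed)
    return reconstruct(send(PATH, p, rng) for _ in range(n_packets))

if __name__ == "__main__":
    print(demo())
```

In this model a forged mark that no router overwrites arrives with a distance equal to the full path length, so it can only appear as a hop beyond the real routers; the hops nearer the victim come from router-written marks.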
Optimal Frequency Hopping Sequences: A Combinatorial Approach
Frequency hopping multiple access (FHMA) spread-spectrum communication systems employing multiple frequency-shift keying (MFSK) as data modulation technique are investigated from a combinatorial approach. A correspondence between optimal frequency hopping (FH) sequences and partition-type difference packings is first established. By virtue of this correspondence, FHMA systems with a single optimal FH sequence each are constructed from various combinatorial structures such as affine geometries, cyclic designs, and difference families.
In this paper, we are concerned with frequency hopping multiple access (FHMA) spread-spectrum communication systems, employing multiple frequency-shift keying (MFSK) as data modulation technique. Detailed description for such a system can be found. Let be a set of frequencies called a frequency library and , where , be a sequence of frequencies called a frequency hopping (FH) sequence of length over . In an FHMA system, each sender transmits a message along with switching frequencies in every time slot according to an FH sequence provided to him. In practice, the switching occurs very frequently, say, 1600 times per second in “Bluetooth” wireless technology (for detailed technical information about Bluetooth,. FH sequences are used iteratively, i.e., they appear as . The corresponding receiver then dehops the received signals using the same hopping pattern
Combinatorial recursive constructions are also presented. Many new infinite series of optimal FH sequences are thus obtained. These new FH sequences are also useful in ultra wideband (UWB) communication systems. In this paper, we investigate FHMA systems with a single FH sequence each from the standpoint of combinatorial designs. A correspondence between FH sequences and combinatorial structures called partition-type difference packings is established. This correspondence reveals that in order to construct optimal FH sequences, one need only construct their corresponding difference packings. It is shown that a geometrical construction can produce optimal FH sequences with the same parameters.
The paper then turns to direct algebraic constructions, by which many new optimal FH sequences are produced. These new optimal FH sequences can be used as ingredients in our combinatorial recursive constructions presented. Many new infinite series of optimal FH sequences are thus obtained due to this completely new approach.
In this paper, we investigated frequency hopping multiple access (FHMA) systems with a single optimal frequency hopping (FH) sequence each from a combinatorial design-theoretic point of view. We established a connection between FH sequences and partition-type difference packings. This connection allowed us to obtain optimal FH sequences by constructing their corresponding difference packings of partition type. Various combinatorial structures such as affine geometries, cyclic Steiner -designs, cyclically resolvable Steiner -designs, and difference packings and families were utilized to construct optimal FH sequences.