Top | Introduction | Members | Activities | Call for Paper | Link | Japanese

    Denial of Service (DoS) attacks by an abuse of the networks which consists
    of a large number of the general public affect confidence in the
    information-oriented society.
    The attacker in an DoS attack sends the victim server a large number of
    packets and intends to disturb the services the victim serves to legitimate
    Recently almost all the DoS attacks disperses the packets to send the victim
    to a multitude of compromised hosts, what is called DDoS attacks, thereby
    causing the difficulty in identification between legitimate packets and
    unlegitimate packets; therefore the countermeasure against DoS attacks is a
    serious problem.
    The countermeasure is roughly divided into two approaches; one is the
    filtering method which aims the reduction of congestion in networks by the
    attacks and the other is the traceback method which aims the restraint of
    the attacks from the establishment of the technique detecting the attackers.
    Pushback is regarded as the most effective technique in the filtering
    In Pushback, a router receives the message composed of the characteristics
    of attack packets and the acceptable rate from the adjacent router, and it
    limits the relay of the attack packets fitted to the feature. Moreover each
    router sends the message to the adjacent router thereby Pushback eases the
    congestion by DoS attacks. Pushback drops attack packets effectively,
    however there are cases in which it drops even legitimate packets by mistake
    because of the difficulty of picking out the feature of attack packets.
    Probabilistic Packet Marking (PPM) is the most effective technique in the
    traceback methods.
    PPM makes each router in network mark its own information and reconstructs
    the path to attackers.
    The methods on PPM are mainly evaluated by the number of the packets
    required for reconstructing an attack path.
    In our study, for the purpose of the reinforcement of the countermeasure
    against DoS attacks, we addressed to the resolution of the problems in
    Pushback and PPM. In Pushback, first we constructs the attack model composed
    of the number of attack hosts, each sending rate, and the distribution.
    Secondly we formularizes the behavior of Pushback. Based on this
    construction, we theoretically evaluated the rate of a loss of legitimate
    packets for the various attack models, which is impossible in the evaluation
    by simulation.
    In PPM, we achieved the reduction of the packets by changing the marking
    probability of each router from fixed one to the one dependent on the
    distance to the victim. This contributes reducing the required packets per
    path, which raises the possibility of succeeding in path reconstruction.

    [ back ]