Denial of Service (DoS) attacks, which abuse networks that a large part of the
general public now relies on, undermine confidence in the information-oriented
society.
In a DoS attack, the attacker sends the victim server a large number of
packets in order to disrupt the services the victim provides to legitimate
users.
Recently, almost all DoS attacks distribute the sending of packets to the
victim over a multitude of compromised hosts, in what are called DDoS attacks.
This makes it difficult to distinguish legitimate packets from illegitimate
ones, so countermeasures against DoS attacks are a serious problem.
Countermeasures are roughly divided into two approaches: filtering methods,
which aim to reduce the congestion that the attacks cause in networks, and
traceback methods, which aim to restrain the attacks by establishing
techniques for detecting the attackers.
Pushback is regarded as the most effective of the filtering methods.
In Pushback, a router receives from an adjacent router a message composed of
the characteristics of the attack packets and an acceptable rate, and it
rate-limits the relay of packets that match those characteristics. Each router
in turn sends the message to its own adjacent routers, and Pushback thereby
eases the congestion caused by DoS attacks. Pushback drops attack packets
effectively; however, because it is difficult to pick out the features of
attack packets, there are cases in which it drops legitimate packets by
mistake.
Probabilistic Packet Marking (PPM) is the most effective of the traceback
methods.
In PPM, each router in the network marks packets with its own information, and
the path to the attackers is reconstructed from these marks.
PPM methods are mainly evaluated by the number of packets required to
reconstruct an attack path.
In our study, in order to reinforce the countermeasures against DoS attacks,
we addressed the problems in Pushback and PPM. For Pushback, we first
constructed an attack model composed of the number of attack hosts, the
sending rate of each host, and their distribution. Secondly, we formulated the
behavior of Pushback. Based on this formulation, we theoretically evaluated
the loss rate of legitimate packets for various attack models, which cannot
be done by simulation.
For PPM, we reduced the number of required packets by changing the marking
probability of each router from a fixed value to one that depends on the
router's distance to the victim. This reduces the required packets per path,
which raises the probability of successfully reconstructing the path.
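The following simulation is an added illustration, not the paper's own scheme or code. It compares fixed-probability PPM with an assumed position-dependent scheme in which the i-th router from the attacker (distance d-i+1 from the victim on a path of d routers) marks with probability 1/i, so that every router's mark is equally likely to survive, and shows why the farthest router dominates the packet count under a fixed probability.

```python
import random
from typing import Sequence

def survival_probabilities(marking_probs: Sequence[float]) -> list[float]:
    """Probability that a delivered packet carries the mark of each router.
    marking_probs[i] is the marking probability of router i, counted from the
    attacker (index 0 is the first hop). A router that marks overwrites any
    earlier mark, so router i's mark survives only if no later router marks."""
    out = []
    for i, p in enumerate(marking_probs):
        survive = p
        for q in marking_probs[i + 1:]:
            survive *= 1.0 - q
        out.append(survive)
    return out

def fixed_scheme(d: int, p: float = 0.04) -> list[float]:
    """Classic PPM: every router marks with the same probability p."""
    return [p] * d

def position_scheme(d: int) -> list[float]:
    """Assumed illustrative scheme (not the paper's): router i marks with
    probability 1/(i+1), which makes each router's survival probability 1/d."""
    return [1.0 / (i + 1) for i in range(d)]

def packets_to_reconstruct(marking_probs: Sequence[float], rng: random.Random) -> int:
    """Send packets along the path until the victim has seen a mark from every
    router; return how many packets that took (unmarked packets count too)."""
    seen: set[int] = set()
    count = 0
    while len(seen) < len(marking_probs):
        count += 1
        mark = None
        for i, p in enumerate(marking_probs):
            if rng.random() < p:
                mark = i          # later routers overwrite earlier marks
        if mark is not None:
            seen.add(mark)
    return count

def mean_packets(marking_probs: Sequence[float], trials: int = 200, seed: int = 1) -> float:
    """Average number of packets needed to reconstruct the path (seeded for reproducibility)."""
    rng = random.Random(seed)
    return sum(packets_to_reconstruct(marking_probs, rng) for _ in range(trials)) / trials

if __name__ == "__main__":
    d = 20  # constructed path length
    print("fixed p=0.04 :", mean_packets(fixed_scheme(d)))
    print("position 1/i :", mean_packets(position_scheme(d)))
```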