An enhancement of probability packet marking (PPM) used to trace back the DoS attacker is proposed by this paper. Our work is based on the probabilistic packet marking algorithm by Savage[1] in which an attack graph can be reconstructed by a victim site. Furthermore, we discuss some routers which do not support PPM in attacked path called non-PPM router. We use algorithm to recover one and two successive non-PPM routers. Recover three and four successive non-PPM routers by using IP RR (record routing) option. Five successive non-PPM routers and above are between two PPM routers, we discuss about Loosen Source Routing that record all traveled IP addresses into IP header. The temp table record edges which produced by proposed algorithm. And the hop table records which path the packet come from. Before the PPM system run, routers send probe packets we proposed above to recover the incomplete attack path.
Identifer | oai:union.ndltd.org:NSYSU/oai:NSYSU:etd-0623104-145745 |
Date | 23 June 2004 |
Creators | Huang, Ming-Cheng |
Contributors | none, none, none, none |
Publisher | NSYSU |
Source Sets | NSYSU Electronic Thesis and Dissertation Archive |
Language | English |
Detected Language | English |
Type | text |
Format | application/pdf |
Source | http://etd.lib.nsysu.edu.tw/ETD-db/ETD-search/view_etd?URN=etd-0623104-145745 |
Rights | restricted, Copyright information available at source archive |
Page generated in 0.0021 seconds