61 Autonomous System Traceback for Denial of Service Mitigation
Published: 2011
Denial of service (DoS) is a significant security threat in open networks such as the Internet. IP traceback is one important tool proposed as part of DoS mitigation, and a number of traceback techniques have been proposed, including probabilistic packet marking (PPM). PPM is a promising technique that can trace the complete path back from a victim to the attacker by carefully encoding each router's 32-bit IP address in at least one packet of a traffic flow. However, in a network with multiple hops through a number of autonomous systems (ASes), as is common with most Internet services, it may be undesirable for every router to contribute to packet marking or for an AS to reveal its internal routing structure. Additionally, because the path length is unknown, an optimal packet marking probability cannot be determined. This paper proposes a marking traceback technique in which only one router in each AS probabilistically marks packets, encoding the AS number instead of a router's IP address, and thus identifies the AS from which the attack originates. Traceback at the AS level has a number of advantages, including a reduction in the number of bits to be encoded and a reduction in the number of routers that need to participate in the marking.
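As an added illustration, not code from the paper, the following simulation shows the AS-level marking described above: one router per AS marks with probability p, writes its AS number plus a hop counter, and the victim orders the surviving marks by distance. The AS path, AS numbers, marking probability and packet count are all constructed values.

```python
import random
from dataclasses import dataclass
from typing import Optional

# Constructed simulation of AS-level probabilistic packet marking: the
# designated border router of each AS marks a packet with probability p,
# writing its AS number (a 16-bit field here, versus a router's 32-bit
# IPv4 address) and resetting a hop counter; every non-marking AS that
# forwards an already-marked packet increments the counter instead.
# The AS numbers used below are made up (private-use range).

@dataclass
class Packet:
    marked_asn: Optional[int] = None  # AS number written by the last marker
    distance: int = 0                 # ASes traversed since that mark

def mark_at_as(pkt, asn, p, rng):
    """One AS's marking decision; only one router per AS runs this."""
    if rng.random() < p:
        pkt.marked_asn = asn & 0xFFFF  # 16-bit AS number field
        pkt.distance = 0
    elif pkt.marked_asn is not None:
        pkt.distance += 1
    return pkt

def send_flow(as_path, n_packets, p, rng):
    """Forward n_packets along as_path (attacker's AS first) to the victim."""
    received = []
    for _ in range(n_packets):
        pkt = Packet()
        for asn in as_path:
            mark_at_as(pkt, asn, p, rng)
        received.append(pkt)
    return received

def reconstruct_as_path(received):
    """Victim side: surviving marks grouped by distance, nearest AS first.
    A mark survives only if no nearer AS re-marked the packet, so its
    distance field equals the number of ASes between marker and victim;
    conflicting AS numbers at one distance are kept as a list, not guessed."""
    by_distance = {}
    for pkt in received:
        if pkt.marked_asn is not None:
            by_distance.setdefault(pkt.distance, set()).add(pkt.marked_asn)
    if not by_distance:
        return []
    return [sorted(by_distance.get(d, set())) for d in range(max(by_distance) + 1)]

def attack_origin_as(received):
    """The farthest observed AS is where the attack traffic entered the path."""
    path = reconstruct_as_path(received)
    return path[-1] if path else []

def demo(seed=7, n_packets=400, p=0.2):
    rng = random.Random(seed)
    as_path = [64512, 64513, 64514, 64515, 64516]  # attacker's AS ... victim's AS
    received = send_flow(as_path, n_packets, p, rng)
    return as_path, reconstruct_as_path(received), attack_origin_as(received)
```

With p = 0.2 and five ASes, the origin AS's mark survives in about p(1-p)^4 of packets, so a few hundred packets suffice to recover the whole AS path.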