A design of history based traffic filtering with probabilistic packet marking against DoS attacks

Tadashi Kiuchi, Yoshiaki Hori, Kouichi Sakurai

Research output: Chapter in Book/Report/Conference proceedingConference contribution

7 Citations (Scopus)

Abstract

Recently, one of threats on the increasing network includes DoS(Denial of Service) attacks. A large amount of packets is transmitted to a server that becomes a target of DoS attacks. Therefore, a packet filtering that intercepts the communication of a doubtful packet is researched. We investigate two packet filtering methods. In the history based filtering, it looks for IP addresses that frequently appears at a router. DoS attack traffic is filtered by filtering IP address not observed usually so much. However, the filtering method is weak when the attacker know how to filtering. In the filtering approach that uses the probabilistic packet marking, a communication from an attack path is intercepted and the technique for intercepting the attack is proposed. However, an non-attacker's communication is also intercepted, and there is a problem that the number of packets necessary for the route construction increases according to a superscription of mark information. Then, to solve both problems of the expression, it proposes the probabilistic packet marking with and the filtering approach using the observation of transmission source IP address. The attack path is specified from mark information when an attack starts, and an attack packet is filtered from the record and mark information on an address of the router. It becomes possible to prevent packets being filtered when packets sent by a result and regular those who communicate is marked on the attack path. This technique achieve low false positive of benign traffic.

Original languageEnglish
Title of host publicationProceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010
Pages261-264
Number of pages4
DOIs
Publication statusPublished - Nov 29 2010
Event2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010 - Seoul, Korea, Republic of
Duration: Jul 19 2010Jul 23 2010

Publication series

NameProceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010

Other

Other2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010
CountryKorea, Republic of
CitySeoul
Period7/19/107/23/10

Fingerprint

Telecommunication traffic
Routers
Communication
Servers
Denial-of-service attack

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Computer Science Applications

Cite this

Kiuchi, T., Hori, Y., & Sakurai, K. (2010). A design of history based traffic filtering with probabilistic packet marking against DoS attacks. In Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010 (pp. 261-264). [5598129] (Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010). https://doi.org/10.1109/SAINT.2010.44

A design of history based traffic filtering with probabilistic packet marking against DoS attacks. / Kiuchi, Tadashi; Hori, Yoshiaki; Sakurai, Kouichi.

Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010. 2010. p. 261-264 5598129 (Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Kiuchi, T, Hori, Y & Sakurai, K 2010, A design of history based traffic filtering with probabilistic packet marking against DoS attacks. in Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010., 5598129, Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010, pp. 261-264, 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010, Seoul, Korea, Republic of, 7/19/10. https://doi.org/10.1109/SAINT.2010.44
Kiuchi T, Hori Y, Sakurai K. A design of history based traffic filtering with probabilistic packet marking against DoS attacks. In Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010. 2010. p. 261-264. 5598129. (Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010). https://doi.org/10.1109/SAINT.2010.44
Kiuchi, Tadashi ; Hori, Yoshiaki ; Sakurai, Kouichi. / A design of history based traffic filtering with probabilistic packet marking against DoS attacks. Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010. 2010. pp. 261-264 (Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010).
@inproceedings{9c847d038965405ca8ec2eba74eec6a1,
title = "A design of history based traffic filtering with probabilistic packet marking against DoS attacks",
abstract = "Recently, one of threats on the increasing network includes DoS(Denial of Service) attacks. A large amount of packets is transmitted to a server that becomes a target of DoS attacks. Therefore, a packet filtering that intercepts the communication of a doubtful packet is researched. We investigate two packet filtering methods. In the history based filtering, it looks for IP addresses that frequently appears at a router. DoS attack traffic is filtered by filtering IP address not observed usually so much. However, the filtering method is weak when the attacker know how to filtering. In the filtering approach that uses the probabilistic packet marking, a communication from an attack path is intercepted and the technique for intercepting the attack is proposed. However, an non-attacker's communication is also intercepted, and there is a problem that the number of packets necessary for the route construction increases according to a superscription of mark information. Then, to solve both problems of the expression, it proposes the probabilistic packet marking with and the filtering approach using the observation of transmission source IP address. The attack path is specified from mark information when an attack starts, and an attack packet is filtered from the record and mark information on an address of the router. It becomes possible to prevent packets being filtered when packets sent by a result and regular those who communicate is marked on the attack path. This technique achieve low false positive of benign traffic.",
author = "Tadashi Kiuchi and Yoshiaki Hori and Kouichi Sakurai",
year = "2010",
month = "11",
day = "29",
doi = "10.1109/SAINT.2010.44",
language = "English",
isbn = "9780769541075",
series = "Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010",
pages = "261--264",
booktitle = "Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010",

}

TY - GEN

T1 - A design of history based traffic filtering with probabilistic packet marking against DoS attacks

AU - Kiuchi, Tadashi

AU - Hori, Yoshiaki

AU - Sakurai, Kouichi

PY - 2010/11/29

Y1 - 2010/11/29

N2 - Recently, one of threats on the increasing network includes DoS(Denial of Service) attacks. A large amount of packets is transmitted to a server that becomes a target of DoS attacks. Therefore, a packet filtering that intercepts the communication of a doubtful packet is researched. We investigate two packet filtering methods. In the history based filtering, it looks for IP addresses that frequently appears at a router. DoS attack traffic is filtered by filtering IP address not observed usually so much. However, the filtering method is weak when the attacker know how to filtering. In the filtering approach that uses the probabilistic packet marking, a communication from an attack path is intercepted and the technique for intercepting the attack is proposed. However, an non-attacker's communication is also intercepted, and there is a problem that the number of packets necessary for the route construction increases according to a superscription of mark information. Then, to solve both problems of the expression, it proposes the probabilistic packet marking with and the filtering approach using the observation of transmission source IP address. The attack path is specified from mark information when an attack starts, and an attack packet is filtered from the record and mark information on an address of the router. It becomes possible to prevent packets being filtered when packets sent by a result and regular those who communicate is marked on the attack path. This technique achieve low false positive of benign traffic.

AB - Recently, one of threats on the increasing network includes DoS(Denial of Service) attacks. A large amount of packets is transmitted to a server that becomes a target of DoS attacks. Therefore, a packet filtering that intercepts the communication of a doubtful packet is researched. We investigate two packet filtering methods. In the history based filtering, it looks for IP addresses that frequently appears at a router. DoS attack traffic is filtered by filtering IP address not observed usually so much. However, the filtering method is weak when the attacker know how to filtering. In the filtering approach that uses the probabilistic packet marking, a communication from an attack path is intercepted and the technique for intercepting the attack is proposed. However, an non-attacker's communication is also intercepted, and there is a problem that the number of packets necessary for the route construction increases according to a superscription of mark information. Then, to solve both problems of the expression, it proposes the probabilistic packet marking with and the filtering approach using the observation of transmission source IP address. The attack path is specified from mark information when an attack starts, and an attack packet is filtered from the record and mark information on an address of the router. It becomes possible to prevent packets being filtered when packets sent by a result and regular those who communicate is marked on the attack path. This technique achieve low false positive of benign traffic.

UR - http://www.scopus.com/inward/record.url?scp=78649295244&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=78649295244&partnerID=8YFLogxK

U2 - 10.1109/SAINT.2010.44

DO - 10.1109/SAINT.2010.44

M3 - Conference contribution

SN - 9780769541075

T3 - Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010

SP - 261

EP - 264

BT - Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010

ER -