Enhanced probabilistic packet marking traceback mechanism
Tan, Wei Peng
Date of Issue2006
School of Computer Engineering
This thesis introduces two new schemes: Entropy-Minimization Clustering Technique for Probabilistic Packet Marking Scheme  and Legitimacy Investigation and Intention-Based Probabilistic Packet Marking Scheme  to improve the performance of PPM. The first scheme, Entropy-Minimization Clustering Technique for Probabilistic Packet Marking Scheme is developed to provide a more effective traceback mechanism. The new technique divides the attack traffic into clusters and processes them in parallel. This method of dividing the path reconstruction into smaller clusters significantly reduces the total number of combinations that need to be checked and will in turn minimize the probability of reconstructing a false positive. Our simulation results show that the combination overhead can be reduced by an average of N9 times, where N is the number of clusters. Our new approach has the same advantage as PPM scheme because it is entirely passive and does not generate any probe traffic into the network. In contrast to the previous work, the new technique is much more efficient and effective during path reconstruction under large-scale DDoS attacks.
DRNTU::Engineering::Computer science and engineering::Computer systems organization::Computer-communication networks
Nanyang Technological University