Enhanced probabilistic packet marking traceback mechanism

Bibliographic Details
Main Author: Tan, Wei Peng
Other Authors: Lee Chee Jwai
Format: Theses and Dissertations
Published: 2008
Subjects:
Online Access: https://hdl.handle.net/10356/2464
Institution: Nanyang Technological University
Description
Summary: This thesis introduces two new schemes: Entropy-Minimization Clustering Technique for Probabilistic Packet Marking Scheme [102] and Legitimacy Investigation and Intention-Based Probabilistic Packet Marking Scheme [103] to improve the performance of PPM. The first scheme, Entropy-Minimization Clustering Technique for Probabilistic Packet Marking Scheme, is developed to provide a more effective traceback mechanism. The new technique divides the attack traffic into clusters and processes them in parallel. This method of dividing the path reconstruction into smaller clusters significantly reduces the total number of combinations that need to be checked and will in turn minimize the probability of reconstructing a false positive. Our simulation results show that the combination overhead can be reduced by an average of N9 times, where N is the number of clusters. Our new approach has the same advantage as the PPM scheme because it is entirely passive and does not generate any probe traffic into the network. In contrast to the previous work, the new technique is much more efficient and effective during path reconstruction under large-scale DDoS attacks.