HDSL: A Hybrid Distributed Single-packet Low-storage IP Traceback Framework.

Document Type: Research Studies

Author

Chief engineer of computers and systems, Faculty of Engineering, Mansoura University

Abstract

Many weaknesses in the design of the IP protocol ease the task of Distributed Denial of Service (DDoS) attackers. This paper proposes a new Hybrid Distributed Single-packet Low-storage (HDSL) IP traceback framework consisting of three enhanced DDoS defense mechanisms. The first is a Deterministic Packet Marking (DPM) scheme that composes a unique path identifier used to validate network paths. The second is a low-storage packet-logging scheme in which each router locally logs information about the packets it forwards, so that the source of even a single attack packet can later be located. The third pushes the aggregates of attack packets one or more levels upstream to relieve the congestion that occurs at or near the target and causes legitimate packets to be dropped. Three algorithms are developed for this purpose. An Intrusion Detection System (IDS) administers the defense modules of the framework and manages network information. Experimental results show that traceback performance improves in several respects. First, the percentage of false edges returned decreases because the proposed path identifiers are accurate and have a low collision rate. Second, the required logging space is reduced by more than 70% compared with other mechanisms. Finally, the fraction of legitimate packets dropped because of congestion from attack aggregates is reduced by deploying the pushback principle.
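The three mechanisms the abstract names (deterministic marking of a path identifier, low-storage per-router logging that can trace a single packet, and pushback of the attack aggregate) can be illustrated end to end on a toy topology. The simulation below is an added example written for this page, not the paper's algorithms or code: the topology, the 16-bit router IDs, the SHA-256-based folding of the mark, the SPIE-style Bloom-filter digest log, and the packet contents are all constructed assumptions. It shows why digest logging needs only a fixed number of bits per router rather than a copy of every packet, how a single packet's digest is walked upstream hop by hop, and how a pushback filter installed at the traced source stops the next packet of the same aggregate before it reaches the congested links.

```python
"""Toy single-packet IP traceback: deterministic path marking, Bloom-filter
packet-digest logging at every router, and pushback of the traced aggregate.
Constructed example; topology, router IDs and packets are made up."""
import hashlib
from dataclasses import dataclass, field

BLOOM_BITS = 1 << 14     # 2 KiB of log per router, regardless of packet size
BLOOM_HASHES = 3

# Assumed topology: victim sits behind R4, attacker host behind R1.
# Maps each router to its upstream (attacker-side) neighbours.
UPSTREAM = {"R4": ["R2", "R3"], "R2": ["R1"], "R3": [], "R1": []}
ROUTER_ID = {"R1": 0x1A2B, "R2": 0x3C4D, "R3": 0x5E6F, "R4": 0x7081}  # assumed 16-bit IDs


@dataclass
class Packet:
    src: str
    dst: str
    ip_id: int           # identification field, unchanged in flight
    payload: bytes
    ttl: int = 64
    mark: int = 0        # 16-bit marking field rewritten by every router

    def digest(self) -> bytes:
        # Hash only invariant fields (no TTL, no mark) plus a payload prefix,
        # so the same packet yields the same digest at every hop.
        data = f"{self.src}|{self.dst}|{self.ip_id}|".encode() + self.payload[:8]
        return hashlib.sha256(data).digest()


class Bloom:
    def __init__(self):
        self.bits = bytearray(BLOOM_BITS // 8)

    def _idx(self, item: bytes):
        for i in range(BLOOM_HASHES):
            h = hashlib.sha256(bytes([i]) + item).digest()
            yield int.from_bytes(h[:4], "big") % BLOOM_BITS

    def add(self, item: bytes):
        for n in self._idx(item):
            self.bits[n >> 3] |= 1 << (n & 7)

    def __contains__(self, item: bytes) -> bool:
        return all(self.bits[n >> 3] & (1 << (n & 7)) for n in self._idx(item))


def fold(mark: int, router: str) -> int:
    """Order-sensitive 16-bit composition of the path identifier (assumed scheme)."""
    h = hashlib.sha256(mark.to_bytes(2, "big") + ROUTER_ID[router].to_bytes(2, "big")).digest()
    return int.from_bytes(h[:2], "big")


def path_identifier(route) -> int:
    """Mark the victim expects for a known route; used to validate the path."""
    mark = 0
    for r in route:
        mark = fold(mark, r)
    return mark


@dataclass
class Router:
    name: str
    log: Bloom = field(default_factory=Bloom)
    rate_limited: set = field(default_factory=set)  # (src, dst) aggregates pushed back

    def forward(self, pkt: Packet) -> bool:
        """Mark, log and forward; False means dropped by a pushback filter."""
        if (pkt.src, pkt.dst) in self.rate_limited:
            return False
        pkt.mark = fold(pkt.mark, self.name)   # deterministic marking
        self.log.add(pkt.digest())             # low-storage logging
        pkt.ttl -= 1
        return True


def send(routers, route, pkt: Packet) -> bool:
    return all(routers[name].forward(pkt) for name in route)


def traceback(routers, edge: str, pkt: Packet):
    """Walk upstream from the victim's edge router through routers whose
    digest log contains this one packet. Returns the path, victim side first."""
    d, path, cur = pkt.digest(), [], edge
    while cur is not None and d in routers[cur].log:
        path.append(cur)
        cur = next((u for u in UPSTREAM[cur] if d in routers[u].log), None)
    return path


def pushback(routers, path, pkt: Packet):
    """Rate-limit the attack aggregate at the furthest upstream router found."""
    routers[path[-1]].rate_limited.add((pkt.src, pkt.dst))


def demo():
    routers = {n: Router(n) for n in UPSTREAM}
    attack_route, legit_route = ["R1", "R2", "R4"], ["R3", "R4"]
    known_paths = {path_identifier(attack_route), path_identifier(legit_route)}
    good = Packet("10.0.3.5", "198.51.100.7", 100, b"GET / HTTP/1.1")
    send(routers, legit_route, good)
    bad = Packet("203.0.113.9", "198.51.100.7", 7, b"\x00" * 16)  # spoofed source
    send(routers, attack_route, bad)
    path = traceback(routers, "R4", bad)          # trace from a single packet
    pushback(routers, path, bad)
    bad2 = Packet("203.0.113.9", "198.51.100.7", 8, b"\x00" * 16)
    delivered = send(routers, attack_route, bad2)  # now dropped at R1
    return path, bad.mark in known_paths, delivered, len(routers["R1"].log.bits)


if __name__ == "__main__":
    print(demo())
```

The digest deliberately excludes the marking field and TTL, otherwise each hop would log a different value and the upstream walk would stop after one router. Bloom-filter logging trades a small, tunable false-positive rate for a fixed memory footprint; in a real deployment the filter would be rotated on a schedule and sized from the link rate, and a false positive at a branch point shows up as an extra (false) edge in the returned path, which is exactly the metric the abstract reports.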
