Proposal and Implementation of Router-Based Traceback Technique

SAM '04: PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON SECURITY AND MANAGEMENT (2004)

Citations: 23 | Views: 5
Abstract
Currently, a serious problem in Internet security is protecting yourself from distributed denial of service (DDOS) attacks. One cause of this problem is that it is very difficult to identify the attacker's original IP address and host. This is because attackers targeting a server use malformed packets that spoof the source IP address, or incorrect packets that disguise the attacker's origin. In this paper, we propose a new traceback technique, the Router-Based Traceback technique. Our approach is composed of two systems: the Traceback Daemon and the Central System. Traceback Daemons report information about their own condition and that of their neighbor routers and, if something happens, they report it to the Central System. The Central System can then reconstruct the path of attack from the victim to the attacker or host. In contrast to previous work in this area, our approach has two advantages: it requires fewer packets to reconstruct the attack path, and it supports a new type of DDOS attack, the distributed reflection denial of service (DRDOS) attack. Furthermore, our approach is significantly more usable on today's Internet systems.
Keywords
IP traceback, IP spoofing, router, DOS attack, network traffic