NCSU Libraries

Title page for ETD etd-01062004-093357


Type of Document Dissertation
Author WU, CHIEN-LUNG
Author's Email Address cwu@deltartp.com
URN etd-01062004-093357
Title On Network-Layer Packet Traceback: Tracing Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks
Degree PhD
Graduate Program Electrical Engineering
Advisory Committee
  Advisor Name          Title
  Arne A. Nilsson       Committee Chair
  Shyhtsun Felix Wu     Committee Co-Chair
  Edward Gehringer      Committee Member
  George N. Rouskas     Committee Member
Keywords
  • Hybrid iTrace
  • Intention-Driven iTrace
  • Traceback
  • DoS
  • DDoS
  • iTrace
  • ICMP Traceback
  • IPSec
  • Network-Layer Tracing
Date of Defense 2002-09-27
Availability unrestricted
Abstract
The objective of this research is to study the Internet Protocol (IP) traceback technique in defeating Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks. Tracing attackers is the first and most important step in solving the DoS/DDoS problem. In this dissertation, two new traceback techniques, PHIL and Intention-Driven iTrace, are proposed and evaluated. Previously, the Decentralized Source Identification for Network-based Intrusions (DECIDUOUS) module was implemented and evaluated on top of the IPSec infrastructure. However, in order to trace attack sources across different administrative domains securely, the notion of a Packet Header Information List (PHIL) for IPSec is proposed to enhance the DECIDUOUS module. Second, it is shown in this thesis that iTrace (ICMP traceback, being standardized in the IETF) has some serious drawbacks. To overcome these drawbacks, the Intention-Driven iTrace (ID-iTrace) and the Hybrid iTrace schemes are proposed. Our simulation results confirm that the original iTrace scheme is not able to handle low attack traffic well. From our simulation, the Hybrid iTrace scheme is evaluated and demonstrated to be an efficient and practical mechanism for tracing DoS/DDoS attacks.

Files
  Filename   Size      Approximate Download Time (Hours:Minutes:Seconds)
                       28.8 Modem   56K Modem   ISDN (64 Kb)   ISDN (128 Kb)   Higher-speed Access
  etd.pdf    3.06 Mb   00:14:08     00:07:16    00:06:21       00:03:10        00:00:16