Nowadays, the defense against Denial of Service (DoS) attacks is receiving particular interest. Different techniques have been proposed and, in particular, the Packet Marking (PM) and TraceBack (TB) procedures demonstrated a good capacity of facing the different malicious attacks. While host-based DoS attacks are more easily traced and managed, network-based DoS attacks are a more challenging threat. The powerful point of IP TB approach is the possibility given to routers to mark and add some information on attack packets, on the basis of a fixed probability value. In this paper, we propose a possible approach for modeling the classical probabilistic PM algorithms as Markov chains, giving the possibility to obtain a closed form for the evaluation of the right number of received marked packets, in order to build a meaningful attack graph.
Meaningful attack graph reconstruction through stochastic marking analysis
Fazio P.;
2016-01-01
Abstract
Nowadays, the defense against Denial of Service (DoS) attacks is receiving particular interest. Different techniques have been proposed and, in particular, the Packet Marking (PM) and TraceBack (TB) procedures demonstrated a good capacity of facing the different malicious attacks. While host-based DoS attacks are more easily traced and managed, network-based DoS attacks are a more challenging threat. The powerful point of IP TB approach is the possibility given to routers to mark and add some information on attack packets, on the basis of a fixed probability value. In this paper, we propose a possible approach for modeling the classical probabilistic PM algorithms as Markov chains, giving the possibility to obtain a closed form for the evaluation of the right number of received marked packets, in order to build a meaningful attack graph.I documenti in ARCA sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.