
iTrace Probability: 1/20,000

iTrace Probability: 1/20,000. For routers closer to the victim, useful iTrace messages will be produced very frequently. But, for routers closer to a slave with a low packet rate, it can take a long time, statistically, for the “right” iTrace messages to be generated.


Presentation Transcript


  1. iTrace Probability: 1/20,000
     For routers closer to the victim, useful iTrace messages will be produced very frequently. But, for routers closer to a slave with a low packet rate, it can take a long time, statistically, for the “right” iTrace messages to be generated.
     [Figure panels: a high-rate attack flow from the slave; a low-rate attack flow from the slave; aggregation of lower-rate flows at routers near the victims]
     S. Felix Wu and Dan Massey

  2. Intention-driven iTrace
     • Different destination hosts, networks, domains/ASs have different “intention levels” in receiving iTrace packets.
     • We propose to add one “iTrace-intention” bit.
     • Some of them might not care about iTrace, and some of them might not be under DDoS attacks, for example.

  3. Intention-Driven iTrace architecture (draft-wu-itrace-intention-01.txt)
     [Diagram labels: BGP routing table with iTrace intention bits; intention selection module; iTrace generation module; intention iTrace trigger (P%); packet-forwarding table with iTrace execution bit; 1/20K iTrace selection; copy; User (firmware) and Kernel (hardware)]

  4. Processing Overhead
     When the 1/20K iTrace message trigger occurs:
       1. Select and set one iTrace intention bit from the BGP table.
     Processing for each data packet:
       1. If the iTrace execution bit is 1:
          (1) Copy this packet to the iTrace daemon.
          (2) Reset the iTrace execution bit to 0.

  5. Differences from the 00 draft
     • Piit for probabilistically controlling normal versus intention iTrace.
     • The difference between iib (iTrace intention bits in the BGP routing table) and ieb (iTrace execution bit in the forwarding table).

  6. Comments Received
     • The confusion of “statistics”.
     • Each packet will have a constant probability to be traced (1/20K).
     • Packet flows with higher rate will statistically get iTraced faster.
     • Maliciously sending “intentions” to grab all the iTrace resources.
     • Using Piit to keep some normal iTrace.
     • Hard to add one extra bit to the forwarding table.
     • Looking for ways to implement intention iTrace without modifying the packet forwarding process.

  7. Relationship with “iTrace”
     • Add iib, ieb and the mechanism for processing “iTrace triggers”.
     • The proposed architecture will be identical to the original iTrace architecture if Piit = 0.
     • Need to worry about the “probability element (TAG = 0x0A)” when Piit > 0.

  8. Status
     • Simulation results for draft-00 to appear in ICCCN’2001.
     • Simulation and prototype implementation (in Linux) for draft-01 in progress.
     • Probability analysis (for the probability element, TAG=0x0A) for intention iTrace just started.
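
The following simulation is an added example, not code from the slides or the drafts. It models one router near a low-rate attack source and counts how many iTrace messages reach the victim as Piit varies, using the trigger and per-packet steps from slide 4. The prefix names, the traffic share and the rule that a trigger is spent on intention iTrace with probability Piit are assumptions made for illustration.

```python
import random

TRIGGER_P = 1 / 20_000  # per-packet iTrace trigger probability from the slides


def simulate(piit, packets=1_000_000, victim_share=0.01, seed=1):
    """Count iTrace messages generated at one router.

    piit: probability that a trigger is spent on intention iTrace
          instead of normal iTrace of the current packet (assumed model).
    victim_share: fraction of forwarded packets destined to the victim
          prefix (constructed value for this example).
    """
    rng = random.Random(seed)
    # iib: intention bits per BGP prefix; only the victim asked for iTrace.
    iib = {"victim-prefix": True, "other-prefix": False}
    # ieb: execution bits in the forwarding table, all clear at start.
    ieb = {prefix: False for prefix in iib}
    wanted = [prefix for prefix, bit in iib.items() if bit]
    stats = {"normal": 0, "intention": 0, "to_victim": 0}

    for _ in range(packets):
        dst = "victim-prefix" if rng.random() < victim_share else "other-prefix"
        # Per-packet step: if ieb is set, copy to the iTrace daemon and reset.
        if ieb[dst]:
            ieb[dst] = False
            stats["intention"] += 1
            stats["to_victim"] += dst == "victim-prefix"
        # The 1/20K trigger fires independently of the destination.
        if rng.random() < TRIGGER_P:
            if wanted and rng.random() < piit:
                ieb[rng.choice(wanted)] = True  # intention iTrace: arm one prefix
            else:
                stats["normal"] += 1            # normal iTrace: trace this packet
                stats["to_victim"] += dst == "victim-prefix"
    return stats


if __name__ == "__main__":
    for piit in (0.0, 0.5, 1.0):
        print(f"Piit={piit}: {simulate(piit)}")
```

With Piit = 0 the counts match plain iTrace, where the victim receives only about its traffic share of the messages; raising Piit shifts messages toward the prefix that set its intention bit, which is also why the slides keep some normal iTrace against malicious intentions.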
