Committee: Jun Li (chair), Reza Rejaie, Lei Jiao
Directed Research Project(May 2017)
Keywords: Traffic footprint collection, DDoS defense
Distributed Denial-of-Service (DDoS) attacks are simple to launch yet hard to defend against. For many DDoS defense strategies, quickly finding the forwarding paths taken by the attack packets is a critical step for attack mitigation. Techniques such as IP traceback and autonomous system (AS) path inference are used in DDoS defense systems to find the path information for packets in question. Though IP traceback and path inference are well-studied topics, they are not designed toward finding the whole traffic footprint, which contains all packet sources and forwarding paths.
We propose PathFinder, a log-based traffic footprint collection scheme that allows a recipient to reconstruct the AS-level forwarding path(s) that packets would take. PathFinder has multiple advantages over the traffic footprint methods in the existing DDoS defense solutions: it is scalable and friendly to incremental deployment; it does not impose network overhead when there are no user requests and little when there are; and more importantly, PathFinder does not require hardware or software changes to the existing equipment. Compared to previous solutions, these advantages increase the deployment feasibility for network providers to deploy PathFinder, with fewer drawbacks.