Autonomous System based Flow Marking Scheme for IP-Traceback

Tracing IP packets to their sources, known as IP-Traceback, is a critical task in defending against IP spoofing and DoS attacks. There are several solutions to traceback to the origin of the attack. However, all these solutions require either all routers or ISPs to support the same IP-Traceback mechanism. To address this limitation, we propose an IP-Traceback approach at the level of autonomous systems, called Autonomous System-based Flow Marking, ASFM, to identify some key locations in the path where attacker packets are being forwarded. ASFM employs the BGP update message community attribute that enables information to be passed across ASs even if they are not necessarily involved in the IP-Traceback scheme. We also propose an authentication method, so a downstream AS can examine the correctness of the marking provided by the upstream ASs, thus eliminating the fake marking embedded by subverted routers. Finally, we evaluate and analyze the performance of our proposal, using real life datasets.