| In this thesis, we present the detailed design and analysis of our solution to the IP traceback problem. We adopt and enhance, at the Autonomous System (AS) level, a path signature generation method which was proposed at the router level to primarily provide a means of filtering attack traffic. Our solution assumes a secure BGP routing infrastructure to exchange authenticated messages in order to learn path signatures. This solution is hierarchical in the sense that it works at the AS-level first, then once a small list of possible source ASes is identified, those ASes are queried and traceback is performed within each AS to prune the list down to the actual source. We envision the local adoption of a separate, yet complementary, traditional traceback system at each AS. Using simulation results we demonstrate that our solution is practical since it reduces---as a first step---the search space from the entire router space of the Internet to an AS-list that is only a very small fraction of all possible ASes. We go on to propose a means of using more than 16 bits of the IP fragmentation fields which are traditionally used by various IP traceback systems. We present results based on using various sizes for the marking field, as well as varying number of total marks and different sizes for each mark. |
