Honeypot back-propagation for mitigating spoofing distributed Denial-of-Service attacks

Sherif Khattab, Rami Melhem, Daniel Mossé, Taieb Znati

Research output: Contribution to journal › Article › peer-review

11 Citations (Scopus)


The Denial-of-Service (DoS) attack is a challenging problem in the current Internet. Many schemes have been proposed to trace spoofed (forged) attack packets back to their sources. Among them, hop-by-hop schemes are less vulnerable to router compromise than packet marking schemes, but they require accurate attack signatures, high storage or bandwidth overhead, and cooperation of many ISPs. In this paper, we propose honeypot back-propagation, an efficient hop-by-hop traceback mechanism, in which accurate attack signatures are obtained by a novel leverage of the roaming honeypots scheme. The reception of attack packets by a roaming honeypot (a decoy machine camouflaged within a server pool) triggers the activation of a tree of honeypot sessions rooted at the honeypot under attack toward attack sources. The tree is formed hierarchically, first at Autonomous system (AS) level and then at router level. Honeypot back-propagation supports incremental deployment by providing incentives for ISPs even with partial deployment. Against low-rate attackers, most traceback schemes would take a long time to collect the needed number of packets. To address this problem, we also propose progressive back-propagation to handle low-rate attacks, such as on-off attacks with short bursts. Analytical and simulation results demonstrate the effectiveness of the proposed schemes under a variety of DDoS attack scenarios.

Original language: English
Pages (from-to): 1152-1164
Number of pages: 13
Journal: Journal of Parallel and Distributed Computing
Issue number: 9
Publication status: Published - Sept 2006
Externally published: Yes


  • Denial-of-Service attacks
  • Honeypots
  • Network security
  • Traceback

ASJC Scopus subject areas

  • Software
  • Theoretical Computer Science
  • Hardware and Architecture
  • Computer Networks and Communications
  • Artificial Intelligence

