A Precise and Practical IP Traceback Technique Based on Packet Marking and Logging

Abstract

Tracing malicious packets back to their source is important to defend the Internet against Denial of Service (DoS) intrusion. IP traceback is just the technique to realize the goal, it reconstructs IP packets traversed path in the Internet to determine their origins. There are two major kinds of IP traceback techniques, which have been proposed as packet marking and packet logging. In packet marking, it incurs little overhead, but requires a large number of packets to get the complete path. In packet logging, it requires plenty of storage space to record packet digests information, but has the capability to trace even a single packet. Therefore, it is a new idea to draw on both advantages to get the intrusion source. HIT (Hybrid IP Traceback) is a representative hybrid IP traceback approach, but it has some vulnerabilities. It may return incorrect path in the traceback process, and its storage overhead remains high. In this paper, we propose a precise IP traceback approach with low storage overhead, which improves accuracy and practicality greatly. In the end, the feasibility and effectiveness are evaluated by mathematical analysis and simulations.