HPSIPT: A high-precision single-packet IP traceback scheme

Abstract

Distributed Denial of Service (DDoS) attack remains a major threat, even in the era of connected devices. Attackers often hide their identity, making defending or identifying and subsequently prosecuting them difficult. In this paper, we propose a novel high-precision single-packet IP traceback (HPSIPT) scheme that facilitates the trace back of each spoofed packet to its origin. Numerous IP trace back techniques for tracing attackers exist; however, they are limited either by the number of packets required or the storage and computational overheads incurred at the routers. By contrast, the proposed technique incurs negligible storage and computational overheads. Simulation results based on real-world Internet topologies (obtained from CAIDA) reveal that the proposed IP traceback scheme has a precision of 0.9751, accuracy of 0.9053, recall of 0.8580 and an F1 score of 0.9128 when tracing 130,000 attackers. The implementation of the proposed scheme requires less than 10 KB of storage in most routers, which is approximately 32 times less than that required by other state-of-the-art single-packet traceback techniques. The efficacy of the proposed scheme is compared with that of other single-packet traceback schemes in terms of computational time, storage, accuracy, precision, recall and F1 score. Statistical tests are performed to support the statistical significance of the obtained results.