A Probabilistic Marking Scheme for Fast Traceback

Abstract

For existing probabilistic marking technologies for IP traceback, such as Probabilistic Packet Marking (PPM), TTL-based Packet Marking (TPM) and Dynamic Probabilistic Packet Marking (DPPM), it is difficult to reconstruct attack path(s) fast and defend against spoofed marks. In this paper, we present Adaptive Probabilistic Marking scheme (APM), where the TTL value of each packet is set to a uniform number at the first-hop router, and each router deduces the distance that each packet has already traveled, and then adaptively marks the packet with the probability inversely proportional to the distance. We theoretically prove that, in APM, the victim requires the fewest packets for a successful traceback, the effect of spoofed marks can be eliminated. NS2 experiments show, in APM, the time for the victim to collect all the obligatory marks for the path reconstruction is reduced by more than 20% compared with existing schemes, and spoofed marks cannot reach the victim.