An implementation of a hierarchical IP traceback architecture

Abstract

The IP traceback technique detects sources of attack nodes and the paths traversed by anonymous DDoS (distributed denial of service) flows with spoofed source addresses. We propose a hierarchical IP traceback architecture, which decomposes the Internet-wide traceback procedure into inter-domain traceback and intradomain traceback. Our proposed method is different from existing approaches in that our method is independent from a single IP traceback mechanism, and domain decomposition is based on existing operational models of the Internet. Moreover, it has the capability of being used for not only the IPv4 network, but also the IPv6 network.