Efficient dynamic probabilistic packet marking for IP traceback

Recently, Denial-of-service (DoS) attack has become a pressing problem due to lack of efficient method to locate the real attackers and easy to execute with readily available source codes on the Internet. Traceback is a subtle scheme to tackle the DoS attacks. The probabilistic packet marking (PPM) is a new way for practical IP traceback. Although the PPM enables a victim to pinpoint the attacker's origin to within 25 equally possible sites, it have been shown that PPM suffers from uncertainty under attack with spoofed packets. In this work, we present a new approach, called dynamic probabilistic packet marking(DPPM), to further improve effectiveness of PPM. Instead of using a fixed marking probability, we propose to deduce how far a packet has traveled and then choose the marking probability as an inverse function of hop count traveled. The DPPM may remove uncertainty completely and enable victims to precisely pinpoint attacking origin under DoS attacks. Our proposed DPPM can be applied to DDoS attacks with a very limited uncertainty.