A practical and robust inter-domain marking scheme for IP traceback

A practical and robust inter-domain marking scheme for IP traceback is proposed. We first identify six drawbacks of Probabilistic Packet Marking (PPM), and then contrive a synergic scheme to address all of them. To relieve the victim from the daunting computational overhead, we derive the optimal marking probability with respect to the number of packets required for path reconstruction, and explore two different approaches to enhance PPM. In so doing, computational burden and spoofed marking inscribed by the attacker are thwarted. Next, we study the issue of bogus marking incurred by subverted routers. By coupling the marking and routing information, a downstream router can examine the correctness of the marking provided by upstream routers, thus eliminating the spurious marking embedded by subverted routers. Our coarse-grained marking tactic (marking at the AS level rather than hop-by-hop) brings two additional benefits: our scheme can effectively suppress false positives, and partial deployment of our scheme may achieve the similar effect as global deployment in the power-law Internet. Finally, we evaluate and analyze the performance of our proposal on empirical Internet measurement data. Results show that as many as 90.67% of marked packets required for path reconstruction may be reduced on average while false positives are greatly suppressed and robustness is significantly enhanced. (c) 2006 Elsevier B.V. All rights reserved.