Publication | Closed Access
Space-time encoding scheme for DDoS attack traceback
Citations: 21 | References: 17 | Year: 2005
Keywords: Engineering, Information Security, Attack Amplification, Information Forensics, DDoS Attack Traceback, Formal Verification, Space-time Encoding, Denial-of-service Attack, IP Packet, Network Security, DDoS Detection, Computer Engineering, Computer Science, Data Security, Cryptography, Internet Protocol, Secure Routing, Botnet Detection, Network Traffic Measurement
Several IP traceback schemes employing packet marking have been proposed to trace attacks that use source address spoofing, such as DoS/DDoS attacks. A major challenge with these schemes is the limited number of bits available for marking in the IP headers. Marking this information elsewhere could lead to packet fragmentation and/or attack amplification when a clever attack is launched. We present a novel scheme, called the space-time encoding (STE) scheme, that requires very few bits to be marked on an IP packet, deterministically, by every router along the attack path. At every router, this scheme makes use of the local router connectivity information to encode (mark) the incoming physical interface across multiple packets. Our analysis of the simulation results, obtained by trial runs on large available data sets that represent Internet maps, shows that we need to mark only 25 bits on every packet and, in the ideal case, would require only 7 packets for successful traceback. We also propose techniques that enhance the scheme to make it scalable and easily deployable.