Packet Marking With Distance Based Probabilities for IP Traceback

Abstract

IP traceback is one of the most important parts of the defense mechanism against DDoS attacks that widely use IP spoofing. Probabilistic Packet Marking (PPM) approach, in which routers probabilistically mark packets they transmit, seems to be a promising solution to perform an efficient IP traceback. In this work, we propose a new scheme that uses node sampling and routers mark packets with distance based probabilities. Also, a simulation model is constructed in order to evaluate and compare the performance of different PPM approaches objectively. Our simulation model is based on OMNET++ and INET Framework and can perform analysis by using evaluation metrics such as minimum number of packets required, robustness against spoofed packets, number of false positives and false negatives under large-scale DDoS attacks.