A prediction based approach to IP traceback

Ankunda R. Kiremire, Matthias R. Brust, Vir V. Phoha

Research output: Chapter in Book/Entry/PoemConference contribution

4 Scopus citations


Sources of a Distributed Denial of Service (DDoS) attack can be identified by the traffic they generate using the IP traceback technique. Because of its relevance, the Probabilistic Packet Marking (PPM) schemes for IP traceback is an intensively researched field. In these schemes, routers are given the extra function of randomly selecting packets from those that go through them, to embed their address information in those selected packets. During or after the attack, the paths that were traversed by the attack traffic can be identified based on the router information in the marked packets. Since these schemes require a large number of received packets to trace an attacker successfully, they usually demand a high time and space complexity to trace many attackers as is the case in DDoS attacks. This is partly because the marking scheme allows remarking, where routers can overwrite previous marking information in a selected packet, which leads to data loss. We present the Prediction Based Scheme (PBS), which is an addition to the PPM schemes for IP tracetrack. The proposed approach consists of two parts: (a) a marking scheme, that reduces the number of packets required to trace a DoS attacker and (b) an extension to a traceback algorithm, whose main feature is to return a complete attack graph with fewer received packets than the traditional algorithm. The proposed marking scheme alleviates the problem of data loss by ensuring previous marking information is not overwritten. Additionally, the proposed traceback algorithm uses graphs built using legitimate traffic to predict the path taken by attack traffic. Results show that the marking scheme in PBS, compared to PPM, ensures that traceback is possible with about 54% as many total packets to achieve complete attack path construction, while the traceback algorithm takes about 33% as many marked packets.

Original languageEnglish (US)
Title of host publication2012 IEEE 37th Conference on Local Computer Networks Workshops, LCN Workshops 2012
Number of pages8
StatePublished - Dec 1 2012
Externally publishedYes
Event2012 IEEE 37th Conference on Local Computer Networks Workshops, LCN Workshops 2012 - Clearwater, FL, United States
Duration: Oct 22 2012Oct 25 2012

Publication series

NameProceedings - Conference on Local Computer Networks, LCN


Other2012 IEEE 37th Conference on Local Computer Networks Workshops, LCN Workshops 2012
Country/TerritoryUnited States
CityClearwater, FL


  • IP traceback
  • distributed denial of service (DDoS)
  • network security
  • probabilistic packet marking (PPM)

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Hardware and Architecture


Dive into the research topics of 'A prediction based approach to IP traceback'. Together they form a unique fingerprint.

Cite this