Large-Scale IP Traceback in High-Speed Internet: Practical Techniques and Information-Theoretic Foundation
Tracing attack packets to their sources, known as IP traceback, is an important step to counter Distributed Denial-of-Service (DDoS) attacks. In this paper, the authors propose a novel packet logging based (i.e., hash-based) traceback scheme that requires an order of magnitude smaller processing and storage cost than the hash-based scheme proposed by the researchers thereby being able to scalable to much higher link speed (e.g. OC-768). The baseline idea of their approach is to sample and log a small percentage (e.g. 3.3%) of packets.