Branch label based probabilistic packet marking for IP traceback

Distributed Denial-of-Services (DDoS) attacks have been one of the most serious security issues. DDoS attacks disable legitimate services on victim hosts by flooding packet flows to the hosts from a lot of different compromised hosts. It is considered the most effective mitigation to filter the attacking packet flows at the router interfaces closest to the attackers. Precise identification of these interfaces is a key point. Edge Sample (ES) based Probabilistic Packet Marking (PPM) is an encouraging method to cope with source IP spoofing, a popular identification jamming, which usually accompany DDoS attacks. But its fragmentation of path information leads to inefficiency in terms of necessary number of packets, path calculation time and identification accuracy. We propose Branch Label (BL) based PPM to solve the above inefficiency problem. In BL, a single path information is marked in a packet without fragmentation in contrast to ES based PPM. The whole path information in packets by the BL approach is expressed with branch information of each router interfaces. This brings the following three key advantages in the process of detecting the interfaces: quick increase in true-positives detected (efficiency), quick decrease in false-negatives detected (accuracy) and fast convergence (quickness).