Branch label based probabilistic packet marking for counteracting DDoS attacks

Effective counteraction to Distributed Denial-of-Services (DDoS) attacks is a pressing problem over the Internet. For this counteraction, it is considered important to locate the router interfaces closest to the attackers in order to effectively filter a great number of identification jammed packets with spoofed source addresses from widely distributed area. Edge sample (ES) based Probabilistic Packet Marking (PPM) is an encouraging method to cope with source IP spoofing, which usually accompanies DDoS attacks. But its fragmentation of path information leads to inefficiency in terms of necessary number of packets, path calculation time and identification accuracy. We propose Branch Label (BL) based PPM to solve the above inefficiency problem. In BL, a whole single path information is marked in a packet without fragmentation in contrast to ES based PPM. The whole path information in packets by the BL approach is expressed with branch information of each router interfaces. This brings the following three key advantages in the process of detecting the interfaces: quick increase in true-positives detected (efficiency), quick decrease in false-negatives detected (accuracy) and fast convergence (quickness).