Uniform DoS traceback

Denial of service (DoS) is a significant security challenge in the Internet. Identifying the attackers so that their attack traffic can be blocked at source is one strategy that can be used to mitigate DoS attacks. However, determining the source can be difficult due to the inherent connectionless nature of IP. Traceback using various marking schemes that overload, mostly unused, fields in the IP header are promising techniques to identify the source of the attack. This paper shows that the marking probability used in two existing techniques: probabilistic packet marking (PPM) and dynamic probabilistic packet marking (DPPM) are not optimal and derives an optimal marking scheme called uniform probabilistic packet marking (UPPM). The performance of UPPM is shown to be improved compared to PPM and DPPM by performing comparative numerical analysis. One significant advantage of UPPM over these earlier techniques is that it performs marking at the level of autonomous systems (ASs) rather than at every router. This has advantages both in terms of marking overhead and allowing the optimal formulation of marking probability by utilizing metrics readily available from BGP-4, the inter-AS routing protocol.