A systematic review of IP traceback schemes for denial of service attacks

Internet has always been vulnerable to a variety of security threats as it was originally designed without apprehending the prospect of security concerns. Modern era has seen diverse nature of attacks possible on the Internet, including the most perilous attack, Distributed Denial of Service (DDoS) attacks. In such an attack, a large number of compromised systems coordinate with each other so as to direct gigantic magnitude of attack traffic toward the victim, depleting its tangible and intangible network resources. To further exacerbate the situation, these compromised systems usually disguise their identity by capitalizing on IP address spoofing. IP traceback is the class of techniques used to identify the actual source of network packets. In this paper, we followed a systematic approach to comprehensively review and categorize 275 works representing existing IP traceback literature. The paper also provides an in-depth analysis of different IP traceback approaches, their functional classes and the evaluation metrics. Based on the literature review, we also answered a set of research questions to understand the current trends in IP traceback. Various issues, challenges and avenues for future research in the area of IP traceback are also discussed.