Defense against distributed denial-of-service attacks is one of the hardest security problems on the Internet. Among those problems, the most difficult problem is to trace the attacks back to its origin for the attackers always use incorrect or spoofed IP addresses in the attack packets. In this paper, we propose a multi-edge marking scheme, which allow the victim to traceback to or near to the origin of the attackers with the help of the network administrator. The scheme features high performance efficiency and no false positive. Compared with the previous solutions, it has high precision and low computation overhead for victim to reconstruct the attack paths. Base on this marking scheme, DDoS Scouter is developed.
Download Full PDF Version (Non-Commercial Use)