A Novel Hybrid IP Traceback Scheme with Packet Counters

  • Tomoyuki Karasawa
  • Masakazu Soshi
  • Atsuko Miyaji
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7646)


In this paper we shall propose a novel hybrid IP traceback scheme with packet counters. In our scheme, a (packet) counter is used to improve correlation of packet sampling in order to reconstruct the attack tree efficiently. Our scheme has the remarkable advantages: (1) it is simple and efficient, (2) it is significantly resistant to attacks, (3) it requires a lower sampling rate compared with previous work, e.g., only 1% is enough, (4) its false positive/negative rates are also lower.


Hash Function Sampling Probability Conditional Entropy Packet Header Attack Tree 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Peng, T., Leckie, C., Ramamohanarao, K.: Survey of network-based defense mechanisms countering the DoS and DDoS problems. ACM Computing Surveys 39(1) (April 2007)Google Scholar
  2. 2.
    Al-Duwairi, B., Manimaran, G.: Novel hybrid schemes employing packet marking and logging for IP traceback. IEEE Transactions on Parallel and Distributed Systems 17(5), 403–418 (2006)CrossRefGoogle Scholar
  3. 3.
    Dean, D., Franklin, M., Stubblefield, A.: An algebraic approach to IP traceback. ACM Transactions on Information and System Security 5(2), 119–137 (2002)CrossRefGoogle Scholar
  4. 4.
    Gong, C., Sarac, K.: Toward a practical packet marking approach for IP traceback. International Journal of Network Security 8(3), 271–281 (2009)Google Scholar
  5. 5.
    Li, J., Sung, M., Xu, J., Li, L.: Large-scale IP traceback in high-speed Internet: Practical techniques and theoretical foundation. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 115–129 (May 2004)Google Scholar
  6. 6.
    Savage, S., Wetherall, D., Karlin, A.R., Anderson, T.: Practical network support for IP traceback. In: Proceedings of the ACM SIGCOMM, pp. 295–306 (2000)Google Scholar
  7. 7.
    Snoeren, A.C., Partridge, C., Sanchez, L.A., Jones, C.E., Tchakountio, F., Kent, S.T., Strayer, W.T.: Hash-based IP traceback. In: Proceedings of the ACM SIGCOMM, pp. 3–14 (2001)Google Scholar
  8. 8.
    Yu, S., Zhou, W., Doss, R., Jia, W.: Traceback of DDoS attacks using entropy variations. IEEE Transactions on Parallel and Distributed Systems 22(3), 412–425 (2011)CrossRefGoogle Scholar
  9. 9.
    Mitzenmacher, M., Upfal, E.: Probability and Computing: Randomized Algorithms and Probabilistic Analysis. Cambridge University Press (2005)Google Scholar
  10. 10.

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Tomoyuki Karasawa
    • 1
  • Masakazu Soshi
    • 2
  • Atsuko Miyaji
    • 3
  1. 1.Internet Initiative Japan (IIJ) Inc.Japan
  2. 2.Hiroshima City UniversityJapan
  3. 3.Japan Advanced Institute of Science and Technology (JAIST)Japan

Personalised recommendations