A dynamical deterministic packet marking scheme for DDoS traceback

Shui Yu, Wanlei Zhou, Song Guo, Minyi Guo

Research output: Chapter in book / Conference proceedingConference article published in proceeding or bookAcademic researchpeer-review

11 Citations (Scopus)


DDoS attack source traceback is an open and challenging problem. Deterministic packet marking (DPM) is a simple and relatively effective traceback scheme among the available traceback methods. However, the existing DPM schemes inheret a critical drawback of scalability in tracing all possible attack sources, which roots at their static mark encoding and attempt to mark all Internet routers for their traceback purpose. We find that a DDoS attack session usually involves a limited number of attack sources, e.g. at the thousand level. In order to achieve the traceback goal, we only need to mark these attack related routers. We therefore propose a novel Marking on Demand (MOD) scheme based on the DPM mechanism to dynamical distribute marking IDs in both temporal and space dimensions. The proposed MOD scheme can traceback to all possible sources of DDoS attacks, which is not possible for the existing DPM schemes. We thoroughly compare the proposed MOD scheme with two dominant DPM schemes through theoretical analysis and experiments. The the results demonstrate that the MOD scheme outperforms the existing DPM schemes.
Original languageEnglish
Title of host publication2013 IEEE Global Communications Conference, GLOBECOM 2013
Number of pages6
ISBN (Print)9781479913534
Publication statusPublished - 1 Jan 2013
Externally publishedYes
Event2013 IEEE Global Communications Conference, GLOBECOM 2013 - Atlanta, GA, United States
Duration: 9 Dec 201313 Dec 2013


Conference2013 IEEE Global Communications Conference, GLOBECOM 2013
Country/TerritoryUnited States
CityAtlanta, GA


  • DDoS
  • Deterministic packet marking
  • traceback

ASJC Scopus subject areas

  • Electrical and Electronic Engineering


Dive into the research topics of 'A dynamical deterministic packet marking scheme for DDoS traceback'. Together they form a unique fingerprint.

Cite this