IP traceback based on packet marking and logging

Two main kinds of IP traceback techniques have been proposed in two dimensions: packet marking and packet logging. IP traceback based on packet marking is often referred to as probabilistic packet marking (PPM) approach where packets are probabilistically marked with partial path information as they are forwarded by routers. This approach incurs little overhead at routers. But due to its probabilistic nature, it can only determine the source of the traffic composed of a number of packets. IP traceback based on packet logging is often referred to as hash-based approach where routers compute and store digest for each forwarded packet. This approach can trace an individual packet to its source. However, the storage space requirement for packet digests and the access time requirement for recording packets commensurate with their arriving rate are prohibitive at routers with high speed links. We propose an IP traceback approach based on both packet marking and packet logging. Compared with the PPM approach, our approach is able to track individual packets. Compared with the hash-based approach, our approach incurs less storage overhead and less access time overhead at routers. Specifically, the storage overhead is reduced to roughly one half, and the access time requirement is decreased by a factor of the number of neighbor routers.