Title :
Design and Analysis of a Hierarchical IP Traceback System
Author :
Dabir, Abes ; Matrawy, Ashraf
Author_Institution :
Dept. of Syst. & Comput. Eng., Carleton Univ., Ottawa, ON, Canada
Abstract :
In this paper, we present the detailed design and analysis of our solution to the IP traceback problem. We adopt (at the AS level) a path signature generation method which was proposed at the router level to primarily provide a means of filtering attack traffic. Our solution assumes a secure routing infrastructure to exchange authenticated messages in order to learn path signatures. We envision the local adoption of a separate, yet complementary, traditional traceback system at each AS. This solution is hierarchical in the sense that it works at the autonomous system (AS) level first; then, once a small list of possible source ASes is identified, those ASes are queried and traceback is performed within each AS to prune the list down to the actual source. Using simulation results, we demonstrate that our solution is practical since it reduces, as a first step, the search space from the entire router space of the Internet to an AS-list that is only a very small fraction of all possible ASes. This combination is more scalable than doing a flat IP traceback on the entire router space of the Internet. We go on to propose a means of using more than 16 bits of the IP fragmentation fields which are traditionally used by various IP traceback systems. We present results based on using various sizes for the marking field, as well as a varying number of total marks and different sizes for each mark.
Keywords :
IP networks; digital signatures; telecommunication network routing; telecommunication security; telecommunication traffic; IP fragmentation field; Internet; attack traffic filtering; authenticated message exchange; autonomous system; hierarchical IP traceback system; path signature generation method; secure routing infrastructure; Communications Society; Computer crime; Design engineering; Filtering; Forensics; Internet; Peer to peer computing; Routing; Systems engineering and theory; Telecommunication traffic;
Conference_Title :
Communications, 2009. ICC '09. IEEE International Conference on
Conference_Location :
Dresden
Print_ISBN :
978-1-4244-3435-0
Electronic_ISBN :
1938-1883
DOI :
10.1109/ICC.2009.5198896