A More Efficient Hybrid Approach for Single-Packet IP Traceback

Logging-based approaches are suitable for tracing single-packet attacks but incur heavy overhead for packet-digest storage as well as time overhead for both path recording and recovery. Marking-based approaches incur little trace back overhead but are unable to trace single-packet attacks. Recent researches suggest that hybrid approaches are more promising in efficiently tracing single-packet attacks. The major challenge lies in reducing storage and time overhead while maintaining single-packet trace back capability. We presented in this paper a more efficient hybrid approach by designing a novel path fragment encoding scheme using the orthogonality of Walsh matrix and the degree distribution characteristic of router-level topology. Compared to HIT, the most efficient hybrid approach for single-packet trace back to our best knowledge, our approach reduces 2/3 of the overhead in both storage and time for recording packet paths, and the time over-head for recovering packet paths is also reduced by a calculatable amount.