Enhancing Probabilistic Packet Marking by Integrating Dynamic Probability and Time to Live (TTL) Clustering?

In recent years, Denial-of-service attacks emerged as a pressing problem. Since a lot of attention has been placed on Denial-of-service defense research and a number of approaches have been proposed. One suggested solution is ―IP Trace back‖ which is referred to as tracing malicious packets back to their origin. It categorized in several methodology. Packet Marking from this category is the subject of our study. In this paper, we focus on ―Probabilistic Packet Marking (PPM)‖ which is inefficient in the case of Distributed Denial of Service (DDoS) attacks due to high false positive in reconstructing attack graph and also high convergence time. We adopt the dynamic probability along with Time to Live clustering method in order to reduce the rate of false positive and convergence time. We envision DDoS attack starts when network traffic is more than our default threshold. In an abstract view, we have considered dynamic probability rather than fixed, which is the root problem in most Probabilistic Packet Marking (PPM) and also to facilitate the fast reconstructing of attack graph, we exploit TTL field in two folds: one time to live and another one identification field for packets’ fragments coming from same distance. Consequently, our experimental results show how our model would be efficient in comparison with some pervious methods.