UDP based IP Traceback for Flooding DDoS Attack

Distributed denial of service attack has become a challenging threat in today's Internet. The adversaries often use spoofed IP addresses, which in turn makes the defense process very difficult. The sophistication of the attack is increasing due to the difficulty in tracing back the origin of attack. The researchers have contributed many traceback schemes to find out the origin of such attacks. In the majority of the existing methods they either mark the packets or log the hash digest of the packets at the routers in the attack path, which is computational and storage intensive. The proposed IP trace back scheme is an User Datagram Protocolbased (UDP) approach using packet marking which requires computation and storage only at the edge router and victim and hence it does not overload the intermediate routers in the attack path. Unlike existing traceback schemes which requires numerous packets to traceback an attacker, the proposed scheme requires only a single trace information marked packet to identify an attacker. It supports incremental deployment which is a desirable characteristic of a practical traceback scheme. The work was simulated with real time Internet dataset from the Cooperative Association for Internet Data Analysis (CAIDA) and found that the storage requirement at the victim is less than 1.2 MB which is nearly 3413 times lesser than the existing related packet marking method. It was also implemented in real time in the experimental DDoS Test Bed the efficacy of the system was evaluated