Feasible DDoS attack source traceback scheme by deterministic multiple packet marking mechanism

A main purpose of network security is to secure the system and its element parts from illegal access and misuse. Distributed denial of service (DDoS) attack is a crucial risk to the internet. A source traceback is a technology to control each and every computer crime. A feasible DDoS attack source traceback technique based on marking on demand (MOD) scheme is proposed to detect computer attack by using multiple packets for marking coding. In this proposed scheme, the MOD scheme is based on the deterministic multiple packet marking mechanism. Depending upon this finding, the proposed technique basically addresses the scalability issue of existing deterministic packet marking-based traceback schemes and perhaps to traceback to the individual cooperated computers more willingly than the present defined routers of attacking computers. Also, this technique is used to identify the malicious users who form the volume of traffic necessary to reject a service to computer user. To traceback the engaged attack source, there is a need to mark these engaged ingress routers by deterministic multiple packet marking mechanism. Simultaneously, the MOD server reports information of the marks and their connected requesting IP addresses. Once DDoS attack is proved, the victim will acquire attack sources through requesting MOD server by marks refined from attack packets. The confirmed DDoS attack is identified when it is higher than the tested threshold value. In this study, a mathematical model is established to prove the efficiency of the proposed source traceback technique in both real-world experiments and theoretical analysis. Extensive real-world experiments and theoretical analysis show that the proposed technique is efficient and feasible.