Traceback techniques against DDOS attacks: A comprehensive review

Abstract

Distributed denial-of-service (DDoS) is a rapidly growing problem. In a typical DDOS attacks a large number of compromised hosts (Zombies) are amassed to send useless packets to jam the victim, or its Internet connection or both. The problem of identifying the attack sources is one of the hardest threats in internet security due to the similarity between the legitimate and illegitimate traffic. Firstly, it is important characteristics of the DDOS attacks that they hide their identities/origins (IP Spoofing). Secondly, the stateless nature of the IP routing where routers normally know only the next hop for the forwarding of packets rather than the complete end to end route taken by each packet make IP traceback difficult. IP traceback (the ability to trace IP packets from source to destination) is a significant step toward identifying and, thus, stopping, attackers. This Review paper evaluates and describes the effectiveness of different existing traceback methods. These methods are based on the enhanced router functions or modifications of the current protocols. Advantages and Disadvantages have also been described in existing techniques to carry out research in this problem. © 2011 IEEE.