An evaluation of different IP traceback approaches

Abstract

The problem of identifying the sources of a denial of service attack is among the hardest in the Internet security area, especially since attackers often use incorrect, or spoofed, source IP addresses. In this paper we present the results from a comparison between some of the most promising traceback techniques proposed to solve this problem. Our goal was to evaluate and analyze the most promising techniques on our way to find a more efficient approach. We have evaluated four different traceback approaches and summarized the results. Our own research was primary targeted at the iTrace approaches while the other approaches were evaluated based on the previous work. We conclude that there are two main disadvantages of the proposed approaches. First, the hop-by-hop path reconstruction is inefficient due to a significant computation overhead, or a long time spent for collecting the samples of the path. Second, the path reconstruction requires changes in the core routing structure that is not profitable. We also suggest a slightly modified version of iTrace approach, which aims at reducing the overhead imposed by such changes.