An enhanced Deterministic Flow Marking technique to efficiently support detection of network spoofing attacks

In order to detect and prevent DoS/DDoS attacks that exploit IP address spoofing, the IP traceback technique has been introduced and developed with variety of methods including packet marking. By means of inserting marking information on the travel path into rarely used fields in the header of IP packets, the destination host can trace back the original-source location of received packets, which is useful for supporting detection of attacks. Many schemes of packet marking IP traceback have been proposed, but still have nevertheless some drawbacks such as low traceback rate, heavy computational overhead due to high-required number of marked packets and marking size. In this paper, we proposed PLA DFM, a novel efficient enhanced solution of Deterministic Flow Marking based on adaptation with real traffic characteristics. The analytic result shows that the proposed solution provides a far higher successful mark rate, lower computational overhead compared to the original scheme and other marking techniques with unnoticeable increased traffic size.