NXG01-4: Scalable Hierarchical Traceback

Distributed Denial of Service attacks have recently emerged as one of the most potent, if not the greatest, weaknesses of the Internet. Previous solutions for this problem try to traceback to the exact origin of the attack by requiring the participation of all routers. For many reasons this requirement is impractical. In the presence of non-participating routers most of the proposed schemes either fail in reconstructing the attack path or end up with an approximate location of the attacker. We propose Hierarchical IP Traceback (HIT), a hierarchical approach to address this issue. HIT has significant improvements over other works in several dimensions: (1) with just a few tens of packets, HIT enables the victim to reconstruct the attack graph, an improvement of 2-3 orders of magnitude when compared to previous schemes; (2) HIT scales to large distributed attacks with thousands of attacks; (3) owing to its hierarchical nature, the reconstruction takes only tens of seconds.