LPM: A lightweight authenticated packet marking approach for IP traceback

IP traceback approaches have an important role to play in mitigating the attacks based on IP spoofing like Denial of service/Distributed denial of service attacks. Due to the obvious significance of such attacks, numerous approaches have been proposed in the literature. However, as per our observations, there is still a scope to improve the IP traceback techniques especially in terms of reducing the number of false-positives, reducing the number of packets required at the victim node and the requirement of an upstream router map. Motivated by this observation, in this paper, we propose a novel Light-weight Packet Marking (LPM) that is a probabilistic packet marking (PPM) approach, to trace back the sources of an attack. LPM improves upon the existing PPM approaches in the number of packets required by the victim to reconstruct the attack paths, reduced false-positives and support incremental deployment. It does not even require an upstream router map. LPM also authenticates the marking that enables a victim to detect the attackers attempts to forge the marking. LPM uses multiple hash functions to reduce the false positives further to zero. We carry out experimental analysis as well as security analysis of LPM considering attacker and compromised routers in our attacker model.