A Concise Network-Centric Survey of IP Traceback Schemes based on Probabilistic Packet Marking

TL;DR

This paper compares ten probabilistic packet marking schemes for IP traceback, highlighting their performance differences, evaluation metrics, and the impact of network topology on convergence times, emphasizing the complexity of fair comparison.

Contribution

It provides a comprehensive comparison and analysis of ten PPM-based IP traceback schemes, revealing the challenges in performance evaluation and the influence of network topology.

Findings

Performance varies significantly across schemes.

Evaluation metrics differ among schemes.

Network topology impacts convergence times.

Abstract

Multiple probabilistic packet marking (PPM) schemes for IP traceback have been proposed to deal with Distributed Denial of Service (DDoS) attacks by reconstructing their attack graphs and identifying the attack sources. In this paper, ten PPM-based IP traceback schemes are compared and analyzed in terms of features such as convergence time, performance evaluation, underlying topologies, incremental deployment, re-marking, and upstream graph. Our analysis shows that the considered schemes exhibit a significant discrepancy in performance as well as performance assessment. We concisely demonstrate this by providing a table showing that (a) different metrics are used for many schemes to measure their performance and, (b) most schemes are evaluated on different classes of underlying network topologies. Our results reveal that both the value and arrangement of the PPM-based scheme convergence times vary depending on exactly the underlying network topology. As a result, this paper shows that a side-by-side comparison of the scheme performance a complicated and turns out to be a crucial open problem in this research area.