The integrity of the Internet is seriously threatened by denial of service (DoS) and distributed DoS (DDoS) attacks, which
aim to prevent legitimate users from accessing a certain resource, such as a server or network. In a DoS/DDoS attack, a
violator normally bombards the victim with a huge number of packets. Due to the stateless nature of the Internet and the
prevalence of attack tools, it is very easy for a hacker, or even a kid, to mount an attack with a very small chance of
being caught. This may explain why DoS/DDoS attacks are rampant on the Internet.

Up to now, a vast number of schemes have been proposed as countermeasures against DoS/DDoS attacks. These schemes can be
roughly categorized into four groups: intrusion prevention, intrusion detection, intrusion mitigation, and intrusion
response [1]. This article focuses on IP traceback, which belongs to the fourth group. The objective of IP traceback is to
locate the actual source of attack packets [2]. Ideally, an IP traceback scheme should be capable of identifying the real
attacker. However, given the extreme complexity of the current Internet, it is difficult for the victim to ascertain the
attack source in a DoS attack because the attacker routinely forges the source IP address of each attack packet. It is even
harder to retrieve the sources of a DDoS attack because many attack sources are widely dispersed in the Internet and there
is no apparent feature of a DDoS stream that can be directly exploited by the victim.

It is also hard to grasp the global view of traceback schemes since the research on DoS/DDoS is evolving rapidly. To
facilitate a better understanding of the field, we classify traceback schemes along several dimensions. Instead of a
comprehensive survey, we select the typical schemes of each group, along with the latest developments. Unlike previous
work [3], we focus on the issue of practicality of traceback schemes. We believe that practicality is the most important
property to be considered for eventual deployment of IP traceback. From this standpoint, we thoroughly explore the pros and
cons of selected schemes. Finally, challenges to be overcome are highlighted and possible solutions are discussed.

The rest of the article is organized as follows. First, various traceback schemes are classified from multiple aspects. The
metrics we select to assess each scheme are then presented. From the perspective of practicality, the benefits and
potential drawbacks of existing schemes are explored in depth, and latest developments and possible further enhancements
are proposed. Finally, we discuss the challenges and

Unruly DoS/DDoS attacks motivate the research on IP traceback. Until now, many traceback approaches have been
proposed. To better understand the advantages and disadvantages of different traceback schemes, we classify
existing schemes from multiple disparate standpoints. We hope this work will lay down a foundation for developing
more efficient and effective traceback schemes in the future. As shown in Fig. 1, five aspects are selected to classify
existing traceback schemes into different categories. They include the basic principle, processing mode, functionality
supported, location, and requirement for extra infrastructure. The schemes illustrated in Fig. 1 include Probabilistic Packet
Engine (SPIE, also called hash-based traceback) [5], Algebraic-Based Traceback Approach (ATA) [6], Deterministic
Packet Marking (DPM) [7], and an overlay-based solution (Center-Track) [8].
• Advantages
• Access to sensitive information: One of the primary advantages of a cyber attack is gaining
access to sensitive or valuable information, such as personal data, financial information, or
intellectual property.
• Disruption of operations: A cyber attack can disrupt the operations of the target, causing
damage to physical or digital infrastructure, disabling critical systems, or disrupting the supply
• Sabotage: Cyber attacks can be used for sabotage purposes, such as disrupting the operations of
a competitor or sabotaging critical infrastructure.
• Covert operations: Cyber attacks can be carried out covertly, making it difficult for law
enforcement or other authorities to detect and respond to the attack.
• Disadvantages
• Legal repercussions: Cyber attacks are illegal and can result in criminal charges and penalties if
the attacker is caught.
• Damage to reputation: Cyber attacks can damage the reputation of the attacker, particularly if
the attack targets a high-profile organization or individual.
• Retaliation: Cyber attacks can result in retaliation from the target, such as legal action,
counterattacks, or increased security measures.
• Unintended consequences: Cyber attacks can have unintended consequences, such as damaging
non-targeted systems or causing collateral damage.
• Resource requirements: Cyber attacks can require significant resources, including technical
expertise, time, and money.
The state of the art in IP traceback has been presented in this article, along with remaining open
issues. Clearly, the current IP traceback technology is only the first step toward tackling DoS/DDoS
attacks. An ideal tracing scheme has to make trade-offs among various factors. To understand the
dynamics of IP traceback, we have categorized the most promising schemes from multiple aspects.
From the perspective of practicality, the pros and cons of each scheme have been explored in depth,
and possible future solutions have been highlighted.
