Probabilistic Packet Marking (PPM) is a scheme for IP traceback where each packet is marked randomly with an IP address of one router on the attack path in order for the victim to trace the source of attacks. In previous work, a network coding approach to PPM (PPM+NC) where each packet is marked with a random linear combination of router IP addresses was introduced to reduce number of packets required to infer the attack path. However, the previous work lacks a formal proof for benefit of network coding to PPM and its proposed scheme is restricted. In this paper, we propose a novel method to prove a strong theorem for benefit of network coding to PPM in the general case, which compares different perspectives (interests of collecting) at the collector in PPM+NC scheme. Then we propose Core PPM+NC schemes based on our core network coding approach to PPM. From experiments, we show that our Core PPM+NC schemes actually require less number of packets than previous schemes to infer the attack path. In addition, based on the relationship between Coupon Collector's Problem (CCP) and PPM, we prove that there exists numerous designs that CCP still benefits from network coding.

The accurate and fast estimation of link price is the key component of network-based congestion control schemes. A fast estimation method A2DPM is presented. Multiple hashes on IP identifier of packet header are adopted to accelerate the side information transmission, so accurate estimation of maximum price on the flow forwarding path can be realized after the receipt of just a few probe packets, and the sender is capable of reacting to congestion more quickly, making it suitable to meet the demands of dynamic networks.

As an increasing number of businesses and services depend on the Internet, protecting them against DDoS (Distributed Denial of Service) attacks becomes a critical issue. A traceback is used to discover technical information concerning the ingress points, paths, partial paths or sources of a packet or packets causing a problematic network event. The traceback mechanism is a useful tool to identify the attack source of the (DDoS) attack, which ultimately leads to preventing against the DDoS attack. There are numerous traceback mechanisms that have been proposed by many researchers. In this paper, we analyze the existing traceback mechanisms, describe the common security capabilities of traceback mechanisms, and evaluate them in terms of the various criteria. In addition, we identify typical application of traceback mechanisms.

Effective counteraction to Distributed Denial-of-Services (DDoS) attacks is a pressing problem over the Internet. For this counteraction, it is considered important to locate the router interfaces closest to the attackers in order to effectively filter a great number of identification jammed packets with spoofed source addresses from widely distributed area. Edge sample (ES) based Probabilistic Packet Marking (PPM) is an encouraging method to cope with source IP spoofing, which usually accompanies DDoS attacks. But its fragmentation of path information leads to inefficiency in terms of necessary number of packets, path calculation time and identification accuracy. We propose Branch Label (BL) based PPM to solve the above inefficiency problem. In BL, a whole single path information is marked in a packet without fragmentation in contrast to ES based PPM. The whole path information in packets by the BL approach is expressed with branch information of each router interfaces. This brings the following three key advantages in the process of detecting the interfaces: quick increase in true-positives detected (efficiency), quick decrease in false-negatives detected (accuracy) and fast convergence (quickness).