From: IP traceback through (authenticated) deterministic flow marking: an empirical evaluation
Comparison metrics | PPM | DPM | Basic DFM | Authenticated DFM |
---|---|---|---|---|
1. Packet marking rate (MR) | Low | 100% | 9% to 33% | 9% to 33% |
2. Mark spoofing by subverted routers | Yes | Yes | Yes | No |
3. Maximum traceback ability | Edge router | Ingress interface | Attacker node | Attacker node |
4. Mark spoofing by attacker | Yes | No | No | No |
5. Computational overhead on routers | Low | Low | Low | Fair |
6. Computational overhead on victim | High | Low | Low | Fair |
7. Memory overhead on routers | Low | Low | Low | Low |
8. Memory overhead on victim | High | Low | Low | Low |
9. Bandwidth overhead | No | No | No | Low |
10. Traceback rate (TR) | Low | Good | Fair | Fair |
11. False-positive rate | High | Low, except heavy DDoS attacks | Low | Low |
12. Number of required packets for traceback | 1,000 | 8 | 2 or 5 | 2 or 5 |
13. Awareness of the attack path length in advance | Yes | No | No | No |
14. Awareness of the network map and routing in advance | Yes | No | No | No |
15. ISP involvement | High | Low | Low | Low |
16. Ability to handle fragmentation | No | No | No | No |
17. Ability to handle major DDoS attacks | Poor | Fair | Good | Good |
18. Number of marking bits | 16 | 17 | If K = 2: 16; if K = 5: 32 | If K = 2: 16; if K = 5: 32 |