Skip to main content

Table 11 Comparison of PPM, DPM, and DFM

From: IP traceback through (authenticated) deterministic flow marking: an empirical evaluation

Comparison metrics

PPM

DPM

Basic DFM

Authenticated DFM

1. Packet marking rate (MR)

Low

100%

9% to 33%

9% to 33%

2. Mark spoofing by

Yes

Yes

Yes

No

subverted routers

    

3. Maximum traceback

Edge router

Ingress interface

Attacker node

Attacker node

ability

    

4. Mark spoofing by attacker

Yes

No

No

No

5. Computational overhead

Low

Low

Low

Fair

on routers

    

6. Computational overhead

High

Low

Low

Fair

on victim

    

7. Memory overhead

Low

Low

Low

Low

on routers

    

8. Memory overhead

High

Low

Low

Low

on victim

    

9. Bandwidth overhead

No

No

No

Low

10. Traceback rate (TR)

Low

Good

Fair

Fair

11. False-positive rate

High

Low, except heavy

Low

Low

  

DDoS attacks

  

12. Number of required

1,000

8

2 or 5

2 or 5

packets for traceback

    

13. Awareness of the attack

Yes

No

No

No

path length in advance

    

14. Awareness of the

Yes

No

No

No

network map and

    

routing in advance

    

15. ISP involvement

High

Low

Low

Low

16. Ability to handle

No

No

No

No

fragmentation

    

17. Ability to handle major

Poor

Fair

Good

Good

DDoS attacks

    

18. Number of marking bits

16

17

If K=2:16

If K=2:16

   

If K = 5:32

If K = 5:32