Skip to Main Content
IP-spoofed DDoS attack is a serious security problem in Internet. Thus, an IP traceback approach is essential. In this paper, a fast IP traceback approach (FTA) based on network statistic analysis is proposed. By maintaining the branch label table (BLT) which contains some network statistics in edge routers, the time of IP traceback procedure is efficiently reduced. In addition, an adaptive packet filter is proposed to mitigate the DDoS attacks. The packet drop rate adapts to the location of DDoS attackers and the queue length. Finally, ns-2 simulation is conducted to evaluate FTA. The simulation results show FTA substantially accelerates IP traceback procedure. Moreover, the proposed adaptive packet filter efficiently mitigates the DDoS attacks.