Abstract

Distributed Denial of Service (DDoS) attacks continue to be among the most damaging and disruptive threats to the modern internet ecosystem. These attacks leverage large networks of compromised devices to flood a target server or network with overwhelming traffic making it inaccessible to legitimate users. One of the most significant challenges in combating DDoS attacks is the difficulty of identifying and tracing the true sources of malicious traffic mainly because attackers frequently spoof IP addresses and distribute attack packets through layered botnet infrastructures. Packet marking schemes have emerged as a practical and lightweight technique for traceback allowing routers to embed partial path information into individual packets. However most existing packet marking approaches suffer from limitations including high computational overhead excessive storage demands reconstruction complexity collision probability and inability to handle high-speed real-time attack flows. The purpo