The invention discloses a marginal probability packet marking method based on digital signature technology of combined public key, relating to the technology of locating an attack source by adding marks in a data packet in the filed of communication network security. A data packet from a local area network is sampled with a set probability, the sampled data packet is marked by ID information of abrink router, and digital signature based on the combined public key is carried out to guarantee the creditability of the marks. The location of the brink router is implemented by fetching the ID information of the brink router from the attack data packet having credible marks. The method has the advantages of simple implementation, compatibility with the existing protocol, quick tracking speed, postmortem analysis permission, no increase of extra network load, application to DDoS attack location, high security and the like, and is particularly applied to real-time or non-real-time tracking location of each attack source when low-speed or high-speed network suffers from flood attacks.