
Low-Storage Single-Packet Traceback Scheme

Hybrid IP Traceback Scheme with Efficient Packet Logging

Advisor: 楊明豪

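Abstract


As the Internet has come to be widely used in many fields, more and more network security issues have emerged and drawn attention. However, attackers can use IP address spoofing to hide their source location and launch attacks. For this reason, many studies have proposed various traceback schemes to trace an attacker's source location. Some of these packet logging schemes need only a single packet to trace the attacker's source. In addition, hybrid IP traceback schemes that combine packet marking with packet logging require less storage than the schemes above but need a longer search time. In this thesis, we propose an efficient packet logging scheme for hybrid IP traceback that reduces its storage requirement, reconstructs paths faster, and avoids misidentification. In addition, we can use a packet's marking field to identify attack traffic. Finally, we simulate and analyze our scheme and compare it with other related work in terms of storage requirement, computation, and accuracy.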

Parallel Abstract


Because the Internet has been widely applied in various fields, more and more network security issues have emerged and caught people's attention. However, adversaries often hide themselves by spoofing their own IP addresses and then launch attacks. For this reason, researchers have proposed many traceback schemes to trace the source of these attacks. Some use only one packet in their packet logging schemes to achieve IP tracking. Others combine packet marking with packet logging to create hybrid IP traceback schemes that demand less storage but require a longer search. In this paper, we propose a new scheme for efficient packet logging in hybrid IP traceback that aims to fix the storage requirement for packet logging (under 320K bytes, according to CAIDA's skitter dataset) without the need to refresh the logged tracking information, and to achieve zero false positives and false negatives in attack-path reconstruction. In addition, we use a packet's marking field to censor attack traffic on its upstream routers. Finally, we simulate and analyze our scheme and compare it with other related research in the following aspects: storage requirement, computation, and accuracy.
