Single-packet traceback, as a key technology to solve the network security management issues caused by the "statelessness" of IP protocol, has drawn significant attentions in recent years. However, the prior work has not been widely used due to the following disadvantages: 1) inability to deploy incrementally; 2) lack of deployment incentives, i.e., none deployer can gain free riding; 3) high maintenance costs. This study proposes an efficient single-packet traceback approach based on alliance theory termed as TIST. It firstly establishes the traceability alliance on the large scale networks, so as to remove free-rider ASes and improve the deployment incentives. Secondly, it designs link fingerprint establishment strategy towards traceability alliance through combining IP stream labeling and peer-to-peer filtering technics, which can weaken the traceability coupling between autonomous domains and achieve incremental deployment. Finally, it defines a novel counting Bloom Filter towards network prefixes. By optimizes its parameters, the traceable routers can quickly identify the traceable packets, and achieve the selective establishment of link fingerprints. Extensive mathematical analysis and simulations are performed to evaluate the proposed approach. The results show that the proposed approach significantly out performs the prior approaches in terms of the deploy ability.