
The Research On How To Locate Attack Source For Computer Forensics

Posted on: 2012-11-26
Degree: Master
Type: Thesis
Country: China
Candidate: Y Li
Full Text: PDF
GTID: 2178330335966723
Subject: Computer application technology
Abstract/Summary:
With the rapid development of the Internet, network security is receiving more and more attention. People are exposed to frequent crimes committed by or aimed at computers and networks. Defending against Distributed Denial of Service (DDoS) attacks is one of the hardest security problems on the Internet today, because DDoS attack tools can easily be downloaded and the attacks often use spoofed IP source addresses. Computer forensics is one of the important technical means of combating computer crime. How to obtain evidence against computer criminals has become a new task for the fields of law and computer science. It is important for computer forensics to determine the true identity of the attacker, and attack source location is one of the major technologies for finding the real source of an attack. This thesis first gives a comprehensive introduction to the basic concepts, relevant technologies and theories, and basic principles of the field of computer forensics. It then focuses on how to trace Denial of Service attacks. We systematically study the categorization of traceback technologies and explore in depth the packet marking algorithms and their pros and cons. An improved scheme (IFMS) is proposed, based on the fragment marking scheme (FMS) proposed by Savage et al. By enlarging the marking space and using an adaptive probability for packet marking, IFMS reduces the number of packets required for the victim to reconstruct the attack path and the computational complexity. Meanwhile, 40 parity-check bits generated by 2 different hash functions are employed to reduce false positive alarms. The new scheme therefore effectively reduces computation cost and the false alarm rate, and greatly increases path reconstruction speed. To verify the effectiveness of the improved algorithm, the well-known simulation software NS2 is used to evaluate the performance of the scheme. The simulation results validate the effect of the improved scheme: it responds to DDoS attacks more efficiently.
Keywords/Search Tags: computer forensics, Denial of Service, network security, IP traceback, fragment marking scheme