| Distributed Denial-of-Service(DDoS) attack is that one kind of attacker passes the denial services attack controlling large scale that the large amount of puppet lead plane launches , has force and destructiveness big and powerful. The tradition defense measure including the image fire prevention wall , invading to check system and so on, is held in general by deployment in the consumer, adopting is the tactics that passivity defense. When facing large-scale DDoS, sometimes only have being in a passive position and taking a beating , there be no but force of striking back.IP traceback is one kind of the new technique specifically for the characteristic that DDoS attacks develops. It adopts the headstream that the tactics launching attack on on self's own initiative helps to be attacked by attacker allocation. According to tracing result, we can have the pertinency field to deploy a relevance to defense measure (e.g. Rate Limiter) in more appropriate location not only, and can choke the stream from the headstream attacking effectively to centre transmission network and by the attacker effect. Therefore, this technology is to structure distributed defense the system important component.This paper suggested that one kind of new IP traceback model based on probabilistic packet marking, the core function and principle to the model have carried out detailed design and included expound:1. The main function of model is to packet marking and to IP source tracing two major part , the sufferer can track and find out be away from the IP traceback is nearest the route implement according to mark information in mark information kit.2. In order to resolve the problem that marked information has been easy hit to be covered by the information of down-stream router in the probabilistic packet marking , the model has improved on mark algorithm, the packet had been marked edge informations no longer to mark , has improved the tracing speed.3. In order to improve further tracing speed, the model assumes a premise in strong tracing aspect having abandoned the AMS algorithm middle sufferer must have the upstream topological data in advance , does not require that route complicated and overloaded highly values the structure algorithm , by the fact that router interactive confirmation is therefore likely to find position with attacker.4. The algorithm is much better from analysing the astringency reaching mark algorithm theoretically than the AMS and AEMS, the effect of accepting mark probability and the length by routing is also smaller , more stable than AMS and AEMS, affirms safe process theoretical analysis also easy to have got a guarantee, and to have confirmed stability aspect by simulated experiment result.This paper is studied mainly IP traceback model from theory angle, the call for facing the DDoS go at developing gradually , IP traceback technology in the respect of tracking speed also will be more and more high. |
PDF Full Text Request