A Study On Malicious Packets Identification And Classification Techniques

Posted on: 2013-12-18
Degree: Master
Type: Thesis
Country: China
Candidate: X L Jiang
GTID: 2248330362475324
Subject: Computer application technology
Abstract/Summary:
The endless network security issues arising from network attacks, especially Denial-of-Service (DoS) attacks, have become one of the most important threats, and such attacks result in large-scale flooding of malicious packets. The identification and classification of malicious packets, as a research focus of attack and defense techniques, has important technical and social significance and has become an active field in network security. Different schemes have been proposed and have achieved breakthroughs to some extent. However, many unavoidable deficiencies still exist in these works.

In this dissertation, we focus on the current Internet and the Next Generation Security Internet (NGSI) and discuss new techniques for malicious packet identification and classification that are based on packet marking techniques, especially capabilities, at the network layer. A number of specific optimizations and innovative schemes are proposed that strive to achieve good defense against attacks. The study involves network communication, network simulation, cryptography and other technical fields. The main points fall into the following four aspects.

(1) The data processing of Internet topology. It is one of the foundations of studying malicious packet identification and classification. In this dissertation, the AS-level and IP-level topology data are analyzed, and a complete model for topology data processing is proposed. After that, the results are analyzed in a visualized way. The study covers the analysis of the statistical characteristics of topology datasets, the distribution of network degrees, clustering, power laws, etc. Taking the Skitter dataset as an example, a specific analysis and study is given.

(2) The optimization of TVA for malicious packet identification and classification. TVA is based on the capabilities technique and can classify and identify malicious packets. It also mitigates and eliminates the threats of network attacks. However, fixed capabilities seriously impact network transmission efficiency and make it difficult to meet the requirements of the network's linear processing. In this dissertation, we propose an optimization and management scheme for capabilities based on TVA. The specific contents include self-adaptive pre-capabilities and capabilities, dynamic capability authorization, and capability management based on Index and Least Recently Used.

(3) The design and implementation of a malicious packet classification filter based on capabilities. The traditional filter identifies and classifies packets based on rules, and is insecure and inefficient, especially against fake attacks. In this dissertation, we propose a malicious packet identification and classification filter based on capabilities after analyzing and summarizing pre-existing packet classification techniques. The specific contents include theoretical and experimental analyses of the filter without capabilities; analyses of the design, implementation and simulation with capabilities; and the realization of a malicious packet identification and classification filter against attacks.

(4) An architecture for the prevention and limitation of DoS malicious packets. DoS attacks are a major threat to the safety of networks, and malicious packet flooding is the condition for forming DoS attacks. So DoS attack defense based on malicious packet identification and classification has important practical and technical significance. In this dissertation, we analyze and discuss capabilities, packet classification, congestion control, filters, etc. After that, the architecture for the prevention and limitation of DoS malicious packets is proposed to solve the issues of the filter.

The results of simulation experiments using NS2 and Internet datasets show that our proposed schemes can effectively improve network security and reduce the impact on network performance caused by the defense schemes themselves. The studies of this dissertation focus on giving new proposals for the NGSI architecture and promote the safe and orderly development of the Internet.
Keywords/Search Tags: Networks Security, Denial of Service Attack, Packets Identification, Packets Classification, Capabilities