
Research On Countermeasures To Denial Of Service Attack And IP Traceback

Posted on: 2005-08-17
Degree: Doctor
Type: Dissertation
Country: China
Candidate: D Q Li
Full Text: PDF
GTID: 1118360122993289
Subject: Computer application technology
Abstract/Summary:
With the development of network technology and applications, network security is becoming increasingly important. Denial of service attacks are among the hardest security problems to address because they are easy to launch and difficult to defend against and trace. Research on DoS attacks and their countermeasures is therefore both challenging and important.

In this paper, the mechanisms and methods of denial of service attacks, and the countermeasures to them, are discussed. Several packet marking schemes for traceback are then reviewed, and some improvements to the basic packet marking scheme are given which reduce the workload and false positive rate in attack tree reconstruction.

In existing packet marking schemes, routers mark packets with a fixed probability. As a result, many packets are required for path reconstruction, and an attacker can encumber path reconstruction with spoofed marking information. We developed an adaptive packet marking scheme. With it, fewer packets are needed to reconstruct the attack path, so the victim can respond to an attack more promptly and reduce the damage. Furthermore, the adaptive scheme leaves less room for attackers to spoof marking information, making it more difficult for them to frame legitimate users and to cover for each other. The adaptive marking scheme can be used to enhance existing schemes or as a component of new schemes.

In existing packet marking schemes, routers' IP addresses or their hashes are embedded into packets, with the result that too many packets are needed and too many false positives occur in path reconstruction. Several router numbering schemes are given in this paper. In contrast to IP addresses, which can be used to locate hosts worldwide, these numbers can only locate hosts locally. The benefit is that the number representing a host can be smaller. We further developed an adaptive packet marking scheme based on one of our router numbering schemes. This marking scheme is better than others in that it involves less workload, produces fewer false positives, and requires fewer packets for path reconstruction. The last of these also reduces the delay before responding to DoS attacks.
Keywords/Search Tags: Traceback, Denial of Service, Distributed Denial of Service, DoS, DDoS, Hacker, Attack