Research On IP Traceback Under Denial Of Service Attack

With the development of network technology,people's work and life has become inextricably tied to the intemet.Though the network has brought people lots of convenience, people have to face to more and more network security problems.Denial of Service attack is one of most common attacks.Researchers presented a lot of measures to defence this attack including tracing the sources of attack.Because it is difficult to locate the sources of attack,Denial of Service is one of the major threats to the security of the Internet. The tracing of attacking data source can be not only used as foundation to track the real attacker behind the scenes, providing evidence to call to account, but also provide information to Denial of Service attack, achieve better defense effect.The contributions of the paper are outlined as follows:Firstly,GONG's hybrid IP traceback scheme which make use of packet marking and logging is analysed. The disadvantages of low speed in reconstructing path and high false positive are pointed out.Moreover it can not locate the attack source.So an improved scheme is proposed in order to overcome the disadvantages. The proposed scheme employs the information of router interface to mark a router so as to reduce the number of queried routers in reconstructing the path. In the proposed scheme, the speed of reconstructing path is enhanced and the false positive is lowered since the number of logging routers is reduced.Moreover,the new scheme can loacte the attacker and does not require all routers to be traceback-enabled.Secondly, the paper analyses two existing Probabilistic Packet Marking schemes.Because they need a large number of packets to reconstruct the attack path and lack of anti-forgery feature.A new Probabilistic Packet Marking based on HMAC is presented.The new scheme use the HMAC of IP address as the mark information.In the new scheme,the number of packets to reconstruct path is reduced,victim can distinguish false information,and the number of combinations of different fragments is also reduced.Finally,according to the simulation result from NS2,the new hybrid scheme in the chapter three is better than the original one.