
Research On IP Traceback Technology Based On DDoS Attack

Posted on: 2012-11-01
Degree: Master
Type: Thesis
Country: China
Candidate: L Jiang
Full Text: PDF
GTID: 2178330335474401
Subject: Computer application technology

Abstract/Summary:
The rapid development of the information industry and its applications poses a grave threat to network and information security. Distributed Denial of Service (DDoS) attacks have become the most difficult problem to solve in network security, because they are easy to implement but difficult to prevent and track. IP traceback technology can effectively stop DDoS attacks at the source. Among the responses to DDoS, IP traceback has become a hot research topic in the field of information security. On the one hand, effective defensive measures can be deployed at the source according to the results of IP traceback, stopping a DDoS attack in time; on the other hand, IP traceback plays an active role in cybercrime investigation and forensics, has a certain deterrent effect on criminal behavior on the network, and is an important technique for building a safe information society in the future.

The main research work of this thesis includes:

First, it describes DDoS attacks in detail, including the principle and process of a DDoS attack and some typical DDoS attack tools. By classifying DDoS attacks, it analyzes their current characteristics and future trends and studies the existing preventive measures.

Second, several current mainstream IP traceback technologies are studied in detail. Based on performance criteria such as convergence, compatibility, and router and network load, and in combination with the evaluations in other documents, we give a qualitative comparison of the current mainstream IP traceback technologies. We also identify some problems of the current IP traceback technologies in preparation for further research.

Subsequently, it studies in particular the packet marking schemes for IP traceback. Through research on the various existing probabilistic packet marking techniques, and in response to the "weak convergence" and "weakest link" problems of the existing methods, we propose an Improved Dynamic Probabilistic Packet Marking Algorithm (IDPPM). The method can effectively reduce the number of packets needed to reconstruct the attack path, and thus track the attack source faster and more efficiently. For the problem that, when data packets are forwarded through routers, the upstream router information they carry may be lost because of repeated marking, we propose a Single Packet Marking Algorithm (SPPM), which improves how the IP header is marked and can effectively reduce the convergence time to reconstruct the attack path and the computational overhead.

Finally, to verify and evaluate the performance of the improved schemes, the thesis improved the NS2 network simulation environment. The two proposed schemes were simulated, analyzed and compared with other packet marking schemes. The experiments proved both feasible.

The innovations of this thesis are as follows:

1. Proposed an Improved Dynamic Probabilistic Packet Marking Algorithm (IDPPM). This method can effectively reduce the number of packets needed to reconstruct the path, while ensuring the security and stability of packet marking. It can also quickly locate the attack source and effectively mitigate the "weak convergence" and "weakest link" problems of the existing probabilistic packet marking techniques.

2. Proposed a Single Packet Marking Algorithm (SPPM). By improving how the IP header is marked, it can effectively resolve the loss of the upstream router information carried by data packets that repeated marking may cause. Experiments show that it performs well in computational load and convergence.
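
An added example, not taken from the thesis: it uses the generic overwrite-style marking model from the probabilistic packet marking literature (not the thesis's IDPPM, whose details are not on this page) to show why a fixed marking probability converges slowly, since the router nearest the attacker is the one least often seen at the victim, and how a per-hop probability of 1/i evens this out. The path length, the value of p and all function names are assumptions.

```python
from fractions import Fraction
from itertools import combinations

def arrival_probs_fixed(D, p):
    """P(victim sees router i's mark); i=1 is nearest the attacker, i=D the victim.
    Router i marks with probability p and the D-i routers after it must not overwrite."""
    return [p * (1 - p) ** (D - i) for i in range(1, D + 1)]

def arrival_probs_dynamic(D):
    """Same model, but router i marks with probability 1/i (assumed: it knows its hop index)."""
    probs = []
    for i in range(1, D + 1):
        q = Fraction(1, i)
        for j in range(i + 1, D + 1):
            q *= 1 - Fraction(1, j)   # downstream router j leaves the mark alone
        probs.append(q)
    return probs

def expected_packets(probs):
    """Expected packets until every router's mark has arrived at least once
    (coupon collector with unequal probabilities, by inclusion-exclusion)."""
    total = Fraction(0)
    for k in range(1, len(probs) + 1):
        sign = 1 if k % 2 else -1
        for subset in combinations(probs, k):
            total += sign / sum(subset)
    return total

if __name__ == "__main__":
    D, p = 10, Fraction(1, 25)   # constructed path length and marking probability
    fixed, dynamic = arrival_probs_fixed(D, p), arrival_probs_dynamic(D)
    print("fixed   rarest mark: router", fixed.index(min(fixed)) + 1, float(min(fixed)))
    print("dynamic every mark :", float(dynamic[0]))
    print("packets needed fixed  :", float(expected_packets(fixed)))
    print("packets needed dynamic:", float(expected_packets(dynamic)))
```
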
Keywords/Search Tags: DDoS Attack, IP Traceback, Attack Source Localization, Packet Marking, Network Security