| In recent years, there are more and more attacks aimed at network. It becomes an urgent problem to identify the actual source of the attacker's origin. In this paper, we analyze this problem with the example of the most representative attacks: Denies of Service and distributed DoS attack, and propose a novel trace back scheme. The scheme can locate the attacker's origin rapidly and exactly, offered a positive defense for data transmission in network and gists for implead. This paper analyzes the most kinds of attacks in network, and discusses the three network defending phases: detection, identification and mitigation. Aimed at the characteristic of DoS/DDoS attacks, we introduce the theory of fragment marking scheme, then propose the novel fragment marking scheme (NFMS) and verification novel FMS (VNFMS). Compared with traditional ways, it means expand the hash fields, increase the veracity, and simplifies the complexity of recombine. Simulation experiments validated that the NFMS and VNFMS can trace major distributed DoS attacks exactly, provided with well real-time, low processing overhead, small bandwidth overhead and low deployed cost. Adjusted NFMS and VNFMS are proposed based on the PDN's characteristics. This scheme makes the DSD as the trace back units, and has a very low number of attacking packets needed for trace back which enable the schemes successfully trace back more attacks and more quickly. Furthermore, this paper also proposes an IP trace back policy from the point of game of attacker and defender. We define the game model and discuss the payoff matrix in detail, then derive the optimal strategy using the geometry graphology. This approach brings a new way to trace back attackers with incompletion mark information. |
PDF Full Text Request