| With the development of network technology and application, network security becomes increasingly more important. Denial of service attack is among the hardest security problems to address because it is easy to launch, difficult to defend and trace. Many researchers did a lot of research on DoS attack and proposed some constructive countermeasures. One of the important countermeasures is IP Traceback. This paper emphasizes on researching IP Traceback and its Probabilistic Packet Marking.In this paper, the mechanism, methods and countermeasures to denial of services attacks are discussed. Then, several packet marking schemes for traceback are reviewed and some improvements to the Basic Packet Marking scheme are given, which can decrease the number of needed packets and the time of validating the IP in the attack tree reconstruction.Among existing packet marking schemes, the hash of IP is embedded into packet and it is used to validate the IP processed in reconstruction, but it increases the number of packets needed in reconstructing the path, so we validate the IP by using the network topology map; In order to decrease the time of validating the IP in path reconstruction, we propose the Overlapping Probabilistic Packet Marking (PPM), to avoid the unnecessary validating IP.There is a distance field in current packet marking schemes, which is used to record the number of routers the packet passed. The TTL field of packet header can record the information too, so we replace the distance field with TTL field. Then the packet can take more information of router, and decrease the number of packets in path reconstruction.The adoption of Overlapping PPM scheme and the enhanced scheme using TTL field can make the victim trace to the attackers more rapidly, and advantage the victim to response the attack and reduce the loss. The schemes can also be used to reinforce the existing schemes and can be a part of new schemes. |
PDF Full Text Request