| With the development of network technology and application, network security becomes increasingly more important. Denial of service attack is among the hardest security problems to address because it is easy to launch, difficult to defend and trace. So, doing research on DoS attack and its countermeasures is not only challenging but also very important.In this paper, methods of and countermeasures to denial of services attacks are discussed and a new method of and countermeasure to detect the attack at the attack sources is given .The method can furthest reduce the influence of DDoS attack which creates to the entire network, and needn't induct authentication mechanism among routers, the analyses of performance of the new method indicate that the effect is prominent.After that, several packet marking schemes for traceback are reviewed and some improvements to the basic packet marking scheme are given, which reduce the workload and false positive rate in the attack tree reconstruction. Knowing that in existing packet marking schemes, router marks packets with fixed threshold, which results in that many packets are required in path reconstruction. We present a new reconstruction algorithm. This algorithm is based on the Advanced Marking Scheme (AMS), and it works with a two-dimensional threshold mf,d, and give the empirical formula to choose the threshold. With our scheme being adopted, it takes fewer packets to reconstruct the attack path, thus the victim could respond to attack more promptly and reduce attack damage. |
PDF Full Text Request