Research Of IP Traceback Technique Against DDoS Attacks Based On Packet Marking

Posted on: 2008-04-05
Degree: Master
Type: Thesis
Country: China
Candidate: L L Luo
Full Text: PDF
GTID: 2178360215979862
Subject: Computer application technology

Abstract/Summary:
The DDoS attack is one of the most serious attack methods in networks: it carries latent risk, is highly destructive, and is commonly adopted by hackers. Because attackers usually use spoofed source addresses to conceal their behavior and location, it is difficult to avoid being attacked. If the victim can accurately and quickly find the attackers who used spoofed source addresses, the attackers' actions can be limited to the greatest extent. For this reason, this paper focuses on tracing the real attackers behind DDoS.

This paper studies denial-of-service attack mechanisms, methods and countermeasures, and in particular the packet marking scheme used in most IP traceback schemes. Because existing packet marking schemes use a fixed marking probability, reconstructing the attack path requires a large number of packets. This paper presents a new packet marking scheme that marks packets dynamically, using the distance between the router and the victim as a parameter. The probability that a packet was last marked at any given router is then the same for every router, so the scheme achieves optimal convergence.

At the same time, to prevent attackers from injecting forged information that disturbs the path-reconstruction algorithm, this paper presents a new secure verified packet marking scheme, in which verification and marking are performed at the end of the edge. Every node uses a different hash function to prevent the forging of other nodes' marks and to enhance resistance to interference.

To reduce the storage required in the data packet, this paper presents an IP traceback scheme that reduces storage overhead and is built on the basic packet marking scheme. The difference between this scheme and the packet marking scheme is that when a packet reaches a router, the router marks it with the link the packet came through, not with the current router's IP address. When a DoS or DDoS attack occurs, the scheme can react quickly: it needs only one attack packet to reconstruct the attack path and find the exact attack source. It thereby creates the conditions for responding to the attack quickly and minimizing the damage.

To verify and evaluate the accuracy and performance of the scheme, this paper implements the related algorithms in NS. It simulates a DDoS environment, assesses the scheme's performance, and finally compares it with other schemes. The experiments and results confirm the effectiveness of the algorithms presented in this paper.
Keywords/Search Tags:DDoS, Attack, Network Security, Packet Marking, Traceback