Technology Of IP Traceback In The Controlled Network

The current network security threats become more and more serious and various network security events are endless. Because the most of attackers are using forged IP addresses, so it's difficult to trace where the attackers come from. Thus the protection strategy and invasion counterattack hardly implements. Therefore, IP traceback has important position in network security. It is the base to counter the invasion and attack restore and it provides evidence for legal sanctions afterwards.On the current state of research, IP traceback is basically just at initial stage and successful application also not been reported. Because of the complexity of the Internet structure and current network protocol security issue, traceback the attacker to the source host is difficult problem. Therefore, this paper will propose an IP traceback technique that cans traceback the attacker to his network border. And the implementation of IP traceback system based on this technique will be given in this paper. Using the IP traceback system the attacker will be located to the entry interface of the controlled network.Firstly, this paper comprehensively analyzes IP traceback methods that have been proposed by other researcher. For the problems of current IP traceback methods and features of controlled network, this paper proposes the Border Packet Marking (BPM) method that trace attacker to the border router in the controlled network. For accommodating packet fragment and DDoS, then this paper further proposed Accommodating Fragment BPM and Base on Router Interface Hash BPM. For every marking algorithm the corresponding IP Address Recovery algorithm and Packets Collect Strategy will be given after. To prevent controllable internal network and avoid multi-hop attack using false IP address, the IP authentication methods can be used in the internal network.For evaluating the BPM that is proposed in this paper, the paper compared BPM with PPM (Probability Packet Marking) and concluded that BPM is better than PPM in location constringency speed, difficulty for application and compatibility. Especially, BPM is more suitable for IP traceback in controlled network. Finally, the design of IP traceback system and deployment environment is given. The implementation platform and experimental results are illustrated. By comparing experimental results can be seen the Border Packet Marking algorithm has good performance.