| Defending against Distributed Denial of Service attacks is one of the hardest security problems on the Internet today.So, doing research on DDoS attacks and their countermeasures is very important. Many researchers did a lot of research on DoS and DDoS attack and proposed some constructive countermeasures. One of the important countermeasures is IP Traceback.This paper researchs the IP Traceback and its packet marking.In this paper, the theory,mechanism, methods of and countermeasures to DDoS attacks are reviewed. Especially, we discuss several packet marking schemes for IP traceback and analyse their advantage and disadvantage. Some improvements to the adjusted probabilistic Packet Marking scheme are given and, to autonomy system, a packet marking is proposed, which can decrease the number of needed packets, the time of validating the IP in the attack tree reconstruction and the false positive rate.There is a distance field in current packet marking schemes, which is used to record the number of routers the packet passed. The TTL field of packet header can record the information too, so we replace the distance field with TTL field. This can decrease the dispart of the packet and the router burden. Based on the snoofed initial TTL value, a packet marking is proposed, which can resist spoofed TTL value.Based on the autonomy system and the Advanced packet marking ,a node packet marking is proposed, which can quickly and accurately locate the attacker.The theory analyses show that it can decrease the false positive rate and the experiment results show the few packets are needed in path reconstruction also saves time for the victim.Finally, a summary is given and the future research directions are also pointed out. |
PDF Full Text Request