IP Traceback Strategy Based On Re-marking To Marked Packet Fragment

With the development of network technology and applications, the network security problems have been more and more important. Because of the convenience to implement,difficulty in defensing and tracing, the denial of service attack and defense has been one of the most difficult problems, which did a great harm to the networks society. So many researchers have done a lot in this field and provide some valuable countermeasures. IP traceback technology is one of the important measures to the denial of service and defense. This paper mainly studies on IP traceback technology and probabilistic packet marking algorithm.This paper mainly contains following aspects: the principle of the denial of service and defense, attack methods and related countermeasures, research on virtues and defects of tracing project based on packet marking algorithm, and then had an improvement on probabilistic packet marking.In basic probabilistic packet marking(PPM) schemes,the high time complexity of path reconstruction for the victims who receive marked packet,lead to increase of false positives and convergence time.A new scheme to solve this problem is present.It doesn't use the scheme to take TTL field as marking message which was mostly used in many PPM schemes.The eight fragments which stands for the marked router's address information are placed in 16-bit identifier of IP packet.Fragments of the whole group marking message are re-marked,using a hash function whose input is the TTL value of IP packet. In this way the matching work in path reconstruction can be predigested,time complexity and convergence time of path reconstruction can be decreased. And at the same time false positives is reduced.Most existing packet marking schemes are implemented in IPv4, so the feasibility in IPv6 is explored in this paper.In the end, in order to evaluate the performance of the improvement algorithm, we construct a more attack paths simulation network on network simulation software NS2. The advantage between improved scheme and basic scheme can be educed based on the path reconstruction time in victim.