| With the rapid development of the Internet,the problem of network security is paid attention more and more. Defending against Distributed Denial of Service attacks is one of the hardest security problems on the Internet today. One difficulty to thwart these attacks is that a vast number of insecure machines exist in the Internet, attack tools can easily be downloaded and the attacks often use spoofed IP source address. So, doing research on DDoS attacks and their countermeasures is very important.In this paper,the theory and process of DDoS are traversed and also the countermeasure of DDoS is analysed and settled.We discuss these from recovery,check and trace of DDoS in succession.Based on the pairwise key for Message Authentication with Key Collection Exposure in Tabu Packet Marking Algorithm,Adaptive Probabilistic PacketMarking and Advanced PacketMarkingâ…ˇ,an improvement of Tabu Packet Marking Algorithm was proposed.The results show that the scheme can achieve greater stringency and higher efficiency by adopting the pairwise key sequence,and prevent the marking information from being tampered by using HMAC for anthentication,thus this scheme is secure and robust.Based on the theory of tracers placement and Coloring PacketMarking Algorithm, IP traceback based on tracers placement against DDoS was proposed.The algorithm is based on the Greedy Algorithm using K-Diameter-Cut Algorithm in the network topology map to identify some key routers.Using these routers also tracers to mark the packets according with Coloring Packetmarking Algorithm not only can reduce the number of packets needed for path reconstruction and number of false positives ,speed the tracing toattacker but also greatly reduce the burden on the router marker.Therefore,it can locate the attack origins rapidly and accurately. |
PDF Full Text Request