
A Research On Tracebacking DDoS Attack Sources In IPv6

Posted on: 2010-02-27    Degree: Master    Type: Thesis
Country: China    Candidate: P Huang    Full Text: PDF
GTID: 2178360275952110    Subject: Computer application technology
Abstract/Summary:
With the continuing growth of Internet technology and its applications, a large number of key services are delivered over the network, so the security and availability of the network become increasingly important. (D)DoS (Distributed Denial of Service) attacks have become one of the most damaging security problems and one of the hardest to resolve: they are easy to launch and difficult both to prevent and to trace back, and they seriously disrupt the normal operation of the Internet. Because they exploit weaknesses of the TCP/IP protocol suite itself, (D)DoS attacks let attackers send packets with forged IP source addresses and thereby hide themselves. Locating attackers quickly and accurately when they use forged source addresses has become a key problem, and source address traceback technology has accordingly become a research hotspot. At present, most address traceback research, both in China and abroad, targets IPv4 environments. Researchers have proposed a variety of solutions for tracing packets to their source, such as Link Testing, ICMP Traceback, Packet Marking, and Overlay Networks.

These solutions have their own strengths and weaknesses. However, as the limitations of the IPv4 protocol become apparent in many fields, it will eventually be replaced by the new IPv6 protocol, which offers better features. IPv6 (Internet Protocol Version 6) is the next-generation Internet protocol developed by the IETF to replace the existing IP protocol. IPv6 provides a greatly expanded address space, a simplified base header with flexible extension headers, a hierarchical address structure, plug-and-play network access, network-layer authentication and encryption, better quality of service and better support for mobile communication, among other new features. However, because IPv6 deployment is not yet mature, IPv6 networks are still exposed to (D)DoS attacks, and the existing (D)DoS countermeasures must be improved before they can be applied to IPv6 networks.

Deterministic Packet Marking (DPM) is a packet marking technique in which edge routers write tag information into packets so that the victim can locate attack sources. It can trace attack sources with a small number of packets, the ISP need not expose its internal network topology to deploy it, it can track thousands of attackers simultaneously, and it is easy to implement. In IPv4, the edge router's mark is recorded in the Identification field of the packet header; the IPv6 header has no Identification field, so the existing DPM algorithm cannot be deployed directly in IPv6 networks. In addition, DPM has no authentication mechanism: when routers (edge routers or intermediate routers) are controlled by attackers, forged addresses or the addresses of other legitimate nodes can be written into the packet header as marks, so traceback fails because the victim reconstructs wrong entry addresses.

This thesis improves the existing Deterministic Packet Marking algorithm so that it can be transplanted into the IPv6 network environment. Combining the characteristics of the IPv6 protocol with digital signature techniques, it proposes an improved DPM algorithm that uses identity-based hop-by-hop authentication and thereby solves the mark spoofing problem. Using a single packet, the algorithm can locate attack sources quickly and accurately, and it can also cope with DDoS attacks efficiently.
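The two mechanisms the abstract contrasts, shown as an added example that is not code from the thesis: classic IPv4 DPM, which has to split the 32-bit ingress address across the 16-bit Identification field of two packets, and an IPv6 variant that carries the whole 128-bit ingress address in one extension-header option together with an authenticator, so a compromised router cannot rewrite the mark to frame another node. The option layout, the per-router keys and the use of an HMAC are assumptions made for this illustration; the thesis itself uses an identity-based signature, for which the HMAC is only a stand-in. All addresses and keys are constructed.

```python
"""Toy deterministic packet marking (DPM): IPv4 split marks in the ID field,
and an IPv6 hop-by-hop option mark with an authenticator.
Constructed example; the HMAC stands in for the thesis's identity-based
signature and the option layout is assumed, not taken from the thesis."""
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass

# ---------- IPv4 DPM: ingress address split across the 16-bit ID field ----------

def ipv4_mark(ingress_addr: str, packet_index: int) -> tuple[int, int]:
    """Edge router side: alternate between the high and low 16 bits of the
    ingress address. `flag` models the 1-bit reserved flag DPM borrows from
    the IPv4 header; `ident` is what is written into the Identification field."""
    addr = int(ipaddress.IPv4Address(ingress_addr))
    flag = packet_index & 1
    ident = (addr & 0xFFFF) if flag else (addr >> 16) & 0xFFFF
    return flag, ident


def ipv4_reconstruct(marked_packets) -> dict[str, str]:
    """Victim side: pair the two halves that arrive with the same (possibly
    spoofed) source address. Returns {source: ingress_address} for every
    source for which both halves have been seen. With randomly spoofed
    sources the halves never pair up, which is why a single-packet mark is
    preferable."""
    halves: dict[str, dict[int, int]] = {}
    for src, flag, ident in marked_packets:
        halves.setdefault(src, {})[flag] = ident
    return {
        src: str(ipaddress.IPv4Address((h[0] << 16) | h[1]))
        for src, h in halves.items()
        if 0 in h and 1 in h
    }

# ---------- IPv6 variant: whole address plus authenticator in one packet ----------

@dataclass(frozen=True)
class MarkOption:
    """Mark carried in an IPv6 Hop-by-Hop option (layout assumed for this
    example): the 128-bit ingress address and a 128-bit authenticator."""
    ingress: bytes
    tag: bytes


def _mac(key: bytes, ingress: bytes, dst: bytes) -> bytes:
    # Bind the mark to the destination so it cannot be replayed at another victim.
    return hmac.new(key, ingress + dst, hashlib.sha256).digest()[:16]


def ipv6_mark(ingress_addr: str, dst_addr: str, key: bytes) -> MarkOption:
    """Edge router side: the whole ingress address fits in one packet."""
    ingress = ipaddress.IPv6Address(ingress_addr).packed
    dst = ipaddress.IPv6Address(dst_addr).packed
    return MarkOption(ingress, _mac(key, ingress, dst))


def ipv6_verify(option: MarkOption, dst_addr: str, router_keys: dict[str, bytes]):
    """Victim side: the claimed ingress address is the router's identity; look
    up that identity's key and check the tag. Returns the ingress address, or
    None when the mark was forged or rewritten by a router that does not hold
    the key of the identity it claims (the mark spoofing case)."""
    dst = ipaddress.IPv6Address(dst_addr).packed
    ingress_str = str(ipaddress.IPv6Address(option.ingress))
    key = router_keys.get(ingress_str)
    if key is None or not hmac.compare_digest(option.tag, _mac(key, option.ingress, dst)):
        return None
    return ingress_str


def demo():
    """Honest mark is accepted; a compromised router that overwrites the
    ingress field to frame 2001:db8:2::1 is rejected (constructed data)."""
    keys = {"2001:db8:1::1": b"key-edge-1", "2001:db8:2::1": b"key-edge-2"}
    victim = "2001:db8:ffff::80"
    good = ipv6_mark("2001:db8:1::1", victim, keys["2001:db8:1::1"])
    forged = MarkOption(ipaddress.IPv6Address("2001:db8:2::1").packed, good.tag)
    return ipv6_verify(good, victim, keys), ipv6_verify(forged, victim, keys)


if __name__ == "__main__":
    print(ipv4_reconstruct([("198.51.100.9", 0, 0xCB00), ("198.51.100.9", 1, 0x7107)]))
    print(demo())
```

The IPv4 half shows why the abstract cares about the missing Identification field: even an honest mark needs two packets and a stable source address to pair them. The IPv6 half shows the two properties the improved algorithm claims, a single-packet mark and a mark that cannot be rewritten without the marking router's credential; swapping the HMAC for an identity-based signature removes the need for the victim to hold per-router secret keys, which is the thesis's contribution rather than this example's.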
Keywords/Search Tags:IPv6, Identity-based Authentication, Deterministic Packet Marking, IP Traceback, DDoS