Research On Probabilistic Packet Marking Algorithm For IP Traceback Under Denial Of Service Attack

Posted on: 2011-02-23
Degree: Master
Type: Thesis
Country: China
Candidate: D H Song
GTID: 2178360308469129
Subject: Computer Science and Technology
Abstract/Summary:
Network technology has developed rapidly since the start of the twenty-first century, and with it a wide variety of security problems have emerged. In recent years in particular, denial of service (DoS) attacks have become one of the most threatening problems because they are easy to launch and highly destructive. To stop DoS attacks at the source, IP traceback has become an important countermeasure and a hot topic in the network information security field. This paper first introduces the theory of DoS attacks and some typical DoS attacks. It then summarizes and classifies current IP traceback technologies and analyzes their respective advantages and disadvantages, with particular attention to packet marking schemes for IP traceback. Based on a full analysis of the various packet marking schemes, it proposes an improved packet marking scheme that combines the compressed edge fragment sampling scheme with the adaptive probabilistic packet marking scheme. The improved scheme maximizes the use of IP packet header space as the marking field. Previous packet marking schemes carry a distance field that records the number of routers a packet has passed through. The new scheme takes full advantage of the TTL (Time To Live) field in the IP packet header: it uses the TTL field not only to replace the distance field but also to set the packet marking probability dynamically. The new scheme greatly reduces computation because it needs only two efficient fragments to build one edge, and it does not need the upstream network topology in advance when reconstructing the attack path.
Performance analysis shows that the new scheme decreases the number of packets required for path reconstruction and has a good convergence rate and a low false positive rate. To further reduce the false positive rate during path reconstruction, the algorithm is further improved with multiple hash functions, which reduces the collision probability when verifying IP addresses. This paper also improves the packet marking algorithm by reducing the marking probability of the border router, which reduces the marking load on the border router without reducing the convergence rate of the adjusted probabilistic packet marking scheme. Finally, to verify and evaluate the performance of the improved scheme, this paper simulates it with the NS2 simulation software and compares it with other schemes. The simulation results validate the feasibility of this paper's scheme.
Keywords/Search Tags: Network Security, Denial of Service Attack, IP Traceback, Packet Marking