
The Research Of DDoS Tracking Scheme Based On Deterministic Packet Marking Algorithm

Posted on: 2011-08-28
Degree: Master
Type: Thesis
Country: China
Candidate: X H Yang
Full Text: PDF
GTID: 2178360308469402
Subject: Software engineering
Abstract/Summary:
Distributed denial-of-service (DDoS) attacks are one of the major threats to the current Internet. Existing traditional countermeasures, such as firewalls and intrusion detection systems, perform poorly because they rely on a passive defense policy alone. The distributed nature of the DDoS problem calls for a distributed defense solution. Attack source traceback is a newer defense technique that identifies the true sources of a DDoS attack; it is an important step in distributed defense against DDoS and a key technique of network forensics. This work mainly includes the following.

First, this thesis introduces the principles, methods and countermeasures of denial-of-service attacks, discusses several packet marking schemes for tracing the source of attacks in detail, and analyzes their respective advantages and disadvantages.

Second, the Deterministic Packet Marking (DPM) algorithm requires only edge routers to mark packets, is easy to implement and consumes no additional bandwidth. However, both the Basic Deterministic Packet Marking (BDPM) algorithm and the Hash-Based Deterministic Packet Marking (HDPM) algorithm have significant deficiencies. This thesis proposes an Authenticated Novel Deterministic Packet Marking (ANDPM) scheme for IP traceback based on a Message Authentication Code (MAC). The method marks packets with the marking router's IP address together with MAC authentication information, and selects the marking field according to the network protocol in use. The algorithm was implemented and simulated with the network simulator NS2; theoretical analysis and simulation results show that, compared with other DPM algorithms, ANDPM greatly reduces the false positive rate and raises the maximum number of simultaneously traceable attackers to 140,000.

Third, the thesis introduces the basic structure of the IPv6 protocol. IPv6 networks have many advantages over IPv4, but IPv6 deployment is still at the trial stage and DDoS attacks on it are likely to occur.
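To make the DPM mechanism described above concrete, here is an added pure-Python simulation (not code from the thesis) of basic deterministic packet marking on IPv4 in the form originally proposed by Belenky and Ansari, which is taken here to be what the thesis calls BDPM: the ingress edge router splits the 32-bit address of its ingress interface into two 16-bit halves, writes one half into the 16-bit Identification field of each forwarded packet, and sets the reserved flag bit to say which half is carried; the victim pairs the halves per apparent source address. The second scenario shows the false-positive failure mode that the HDPM/ANDPM discussion refers to: two attackers behind different edge routers spoof the same source address, and the victim combines halves from different routers into an address that belongs to nobody. All addresses (203.0.113.1, 198.18.0.9, 192.0.2.77, 10.0.0.5, 198.51.100.10) are constructed for the example.

```python
"""Simulation of basic deterministic packet marking (DPM) on IPv4.

Added example, not from the thesis.  The ingress edge router splits the 32-bit
address of its ingress interface into two 16-bit halves, writes one half into
the 16-bit Identification field of every forwarded packet, and uses the
reserved flag bit (the first bit of the Flags field) to say which half it
carried.  The victim groups marks by apparent source address and rebuilds the
ingress address once it has seen both halves.  All addresses are constructed.
"""
import ipaddress
import struct


def build_ipv4_header(src: str, dst: str) -> bytes:
    """Minimal 20-byte IPv4 header: no options, checksum left zero."""
    return struct.pack(
        "!BBHHHBBH4s4s",
        0x45,   # version 4, IHL 5
        0,      # DSCP/ECN
        20,     # total length (header only; no payload in this simulation)
        0,      # identification (overwritten by the mark)
        0,      # flags + fragment offset (reserved bit used as half selector)
        64,     # TTL
        17,     # protocol: UDP
        0,      # header checksum (ignored here)
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )


def dpm_mark(header: bytes, ingress: str, counter: int) -> bytes:
    """Edge-router side: alternate the two halves of the ingress address.

    Even-numbered packets carry the high 16 bits with reserved flag 0,
    odd-numbered packets the low 16 bits with reserved flag 1.
    """
    addr = int(ipaddress.IPv4Address(ingress))
    which = counter & 1
    half = addr & 0xFFFF if which else (addr >> 16) & 0xFFFF
    (flags_frag,) = struct.unpack_from("!H", header, 6)
    flags_frag = (flags_frag & 0x7FFF) | (which << 15)
    return header[:4] + struct.pack("!HH", half, flags_frag) + header[8:]


def dpm_extract(header: bytes):
    """Victim side: (apparent source, half selector, 16-bit mark)."""
    ident, flags_frag = struct.unpack_from("!HH", header, 4)
    src = str(ipaddress.IPv4Address(header[12:16]))
    return src, flags_frag >> 15, ident


def reconstruct(headers):
    """Pair halves per apparent source; returns {source: ingress or None}."""
    table = {}
    for h in headers:
        src, which, mark = dpm_extract(h)
        table.setdefault(src, [None, None])[which] = mark
    result = {}
    for src, (hi, lo) in table.items():
        if hi is None or lo is None:
            result[src] = None          # only one half seen so far
        else:
            result[src] = str(ipaddress.IPv4Address((hi << 16) | lo))
    return result


def scenario_single_router():
    """One attacker behind an edge router whose ingress is 203.0.113.1."""
    victim = "198.51.100.10"
    pkts = [dpm_mark(build_ipv4_header("10.0.0.5", victim), "203.0.113.1", i)
            for i in range(4)]
    return reconstruct(pkts)


def scenario_spoofed_collision():
    """Two attackers behind different edge routers (203.0.113.1 and 198.18.0.9)
    both spoof source 192.0.2.77.  The victim pairs the high half from one
    router with the low half from the other and 'traces' 203.0.0.9, an address
    that belongs to neither: a false positive."""
    victim = "198.51.100.10"
    spoofed = "192.0.2.77"
    pkts = [
        dpm_mark(build_ipv4_header(spoofed, victim), "203.0.113.1", 0),
        dpm_mark(build_ipv4_header(spoofed, victim), "198.18.0.9", 1),
    ]
    return reconstruct(pkts)


if __name__ == "__main__":
    print(scenario_single_router())      # {'10.0.0.5': '203.0.113.1'}
    print(scenario_spoofed_collision())  # {'192.0.2.77': '203.0.0.9'}
```

Two caveats a practitioner should keep in mind when reading the simulation: the Identification field is the reassembly key for fragmented datagrams, so overwriting it as done here breaks fragmented traffic, and pairing halves by source address fails as soon as attackers randomize or share spoofed sources, which is exactly the false-positive problem that the hash-based and authenticated DPM variants discussed in the abstract set out to reduce.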
In IPv4 packet marking, the marking information is carried in the Identification field of the IPv4 header, but the IPv6 base header has no Identification field (it exists only in the optional Fragment extension header). This thesis improves the deterministic packet marking method by carrying the address of the border router's network interface as marking information in the Hop-by-Hop Options header, one of the IPv6 extension headers, and implements the deterministic packet marking algorithm in an IPv6 network. The results show that DPM can be implemented on existing IPv6 networks easily and efficiently.
Keywords/Search Tags: Traceback, Denial of Service, DDoS, Deterministic Packet Marking