Attack Source Localization Based On Packet Marking

With the rapid development of network technologies, Internet applications are under exponential growth. At the same time of large-scale development in the network, network and information security issues are becoming serious. IP traceback is an active defensive technology that could track the address of attack source. Quickly and accurately positioning the attack source has provided favorable conditions for real-time isolation or attack blocking, and at the same time could provide legal evidence to deter the attacker, thus improve network security. Therefore, it becomes an urgent issue to identify the actual source of the attacker's origin. This thesis focuses on the packet marking techniques of attack source positioning and makes improvement to it..This thesis analyzes the elements and features of a variety of network attacks, and discusses the overall network attack defense based on the attack prevention, attack detection, and attack response and elimination. Then the thesis also gives a systematic study of current tracking technology and analyzes their advantages and disadvantages.On the analysis of the basic packet marking algorithm and advanced marking scheme, this thesis improves the basic packet marking algorithm. This method greatly reduces the calculation volume and the number of misinformation.This thesis does a deep research on many packet marking algorithms. Because the packet marking schemes have not enough storage space to store edge and use the probability of invariable sign, reconstructing the attack path needs a large number of packets. This thesis presents a packet marking algorithm. This algorithm compresses IP packet with the IP compression techniques to makes enough space to store information, which greatly reduces the number of misinformation. At the same time, the algorithm uses variable probability to mark packets that in any one router the last markingprobability for each packet is the same, in order to achieve the optimal convergence. Finally, this thesis uses the famous simulation software Optimal Networking Engineering Tools to compare kinds of packet marking schemes to prove the main results.