
IP Network, DoS Attacks, Source Localization

Posted on: 2010-07-23 | Degree: Master | Type: Thesis
Country: China | Candidate: H Feng | Full Text: PDF
GTID: 2208360275983314 | Subject: Communication and Information System
The Internet has developed very quickly, and paper-based office work has been replaced by effective and efficient electronic office work. The data transferred over the Internet is no longer only entertainment or ordinary information, but also important and sensitive information, which the Internet lets us transport quickly. However, with the spread of aggressive network attacks and viruses, network security has become precarious even as we enjoy the simple and fast services the Internet provides. Worms and viruses are updated every day. Denial of Service (DoS) attacks have become one of the most popular forms of attack because they are very easy to deploy and can cause widespread harm. According to a monitoring report from Symantec, almost 19,095 computers were infected by botnets every day in our region. China has the largest number of botnet-infected computers, close to 71% of the Asia-Pacific total. Beijing accounts for close to 16% of the region's botnet-infected computers. Home users were still the target of the attacks, at 98%. China accounts for 39% of web-based malicious activity in our region, more than other countries, and the average amount of web-based malicious activity is largest in Taiwan.

Confronting DoS attacks is a systematic process. It is impossible to deal with DoS attacks using a single tool, and it is also impossible to put an end to them. But we can trace an attack back to its origin and identify the attacker, so that the attacker can be punished under the law and the victim's losses can be made up. This also deters people who want to deploy DoS attacks. Moreover, as traceback technology develops, the cost of a DoS attack becomes larger and larger, and more and more attackers cannot continue their attacks, which shows that we can defend against DoS attacks.

Traceback techniques can be divided into three kinds: marking-based, logging-based, and forwarding accompanying packets. Marking-based techniques have the shortcomings that it is very difficult to determine the marking probability, that it is easy for attackers to modify the information marked by the router, and that they need more packets to trace back. Logging-based techniques are not practical, because the router needs a large amount of storage to keep information about forwarded packets, and logging also requires a search technique. Traceback with accompanying packets increases the load on the network and routers and would aggravate the situation during a DoS attack, so it is not practical either.

In this paper, an algorithm based on both marking and logging is proposed. Packets record router information as they are forwarded, and a space-efficient data structure called the Generalized Bloom Filter is used to store the routers' information. The traceback process is divided into a process within an AS domain and a process between AS domains. Our scheme can trace back to the origin of an attack with a single packet, and carries out traceback at the granularity of both AS (Autonomous System) and router. The additional cost to routers in our scheme is very small, the storage efficiency is very high, and the scheme effectively withstands falsification of the information marked by the routers. Because the whole attack path is saved in the marked packet, we can trace back with a single packet.
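The falsification-resistance claim can be illustrated with a small added example (not code from the thesis). It assumes the usual Generalized Bloom Filter construction, in which k0 hash functions reset bits and k1 hash functions set bits, and compares it with a plain Bloom filter; the filter size, hash derivation and router names are constructed for illustration.

```python
import hashlib

M = 256         # filter size in bits carried in the packet (assumed)
K0, K1 = 2, 3   # number of "reset" (g) and "set" (h) hash functions (assumed)

def _positions(router_id, family, count):
    # Derive `count` bit positions from SHA-256; this hash choice is an assumption.
    return {int.from_bytes(hashlib.sha256(f"{family}:{i}:{router_id}".encode())
                           .digest()[:4], "big") % M for i in range(count)}

def _gbf_sets(router_id):
    zeros = _positions(router_id, "g", K0)
    ones = _positions(router_id, "h", K1) - zeros   # on a g/h collision the bit is reset
    return zeros, ones

def gbf_mark(bits, router_id):
    """Router side: reset the g positions and set the h positions."""
    zeros, ones = _gbf_sets(router_id)
    for p in zeros:
        bits[p] = 0
    for p in ones:
        bits[p] = 1

def gbf_contains(bits, router_id):
    """Victim side: g positions must be 0 AND h positions must be 1."""
    zeros, ones = _gbf_sets(router_id)
    return all(bits[p] == 0 for p in zeros) and all(bits[p] == 1 for p in ones)

def bloom_mark(bits, router_id):
    for p in _positions(router_id, "h", K1):
        bits[p] = 1

def bloom_contains(bits, router_id):
    return all(bits[p] == 1 for p in _positions(router_id, "h", K1))

def accepted(contains, bits, candidates):
    """Candidate upstream routers that the filter claims are on the path."""
    return [r for r in candidates if contains(bits, r)]

PATH = ["AS100-R1", "AS100-R2", "AS200-R7"]    # constructed attack path
CANDIDATES = PATH + ["AS300-R4", "AS400-R9"]   # last two never forwarded the packet

if __name__ == "__main__":
    honest = [0] * M
    for router in PATH:
        gbf_mark(honest, router)
    forged = [1] * M                            # falsified mark: every bit set
    print("GBF, honest mark  :", accepted(gbf_contains, honest, CANDIDATES))
    print("Bloom, forged mark:", accepted(bloom_contains, forged, CANDIDATES))
    print("GBF, forged mark  :", accepted(gbf_contains, forged, CANDIDATES))
```

A plain Bloom filter with every bit set matches every candidate router, while the Generalized Bloom Filter rejects it because the reset positions are no longer zero. Later marks can overwrite earlier ones, so a Generalized Bloom Filter can also produce false negatives for earlier hops.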
Keywords/Search Tags:DoS attack, IP traceback, marking, logging, Generalized Bloom Filter