Based Packet Marking For Ip Traceback

With the development and wide application of Internet, people live more comfortable lives with network, especially convenient and higher quality service provided by Internet applications, such as E-business and E-bank. However, the ensuing potential network security problems and the consequent huge economic loss make people tremble with fear.Recent years, denial of service attack is among the hardest security problems to address because it use source IP address spoofing technology send large amounts of data packets to the victim host and occupy network resources and system resources maximize, so that overloading the host victim which unable to provide services to legitimate users. The distributed denial of service attack develop from the denial of service of service attack, which uses online detection tools and capturing large quantities of network hosts which becomes puppet machine send carry out denial of service attack at the same time. It has a great harm, especially it carry out attack targeted at large commercial sites, government servers etc, so the commercial loss brought by the distributed denial of service even more difficult to measure. Therefore, the domestic and foreign experts and scholars on their in-depth studies and put forward a number of response options, such as increased tolerance, improve the security level of the host system and so on. Based on this, savage and others describe the basic probability of packet marking program, when data packets through the router which marked packets with a fixed probability, recording the 64bits address information in the 16bits identity domain in the data header. This thesis study PPM in depth and analyze the strengths and potential weaknesses, describing improvement measures for its shortcomings and a new scheme of un-overwriting PPM for IP traceback, which increase the efficiency of path reconstruction.This thesis first analyzes the mechanism of denial of service attacks, methods and countermeasures, then studies several packet marking schemes for traceback in-depth, meanwhile analysis of their respective advantages and disadvantages. Focus on the basic probability of packet marking program, because the time that the PPM described early, there are some disadvantages, such as the large computational overhead, the weak convergence and so on.In order to solve the problem of insufficient storage space in packet, this thesis presents an effective scheme to reduce space overhead mark. Because there are two reserved bits in the type of service field (TOS) in the IP header which hardly use when data packets travel in the network, and the value in TTL domain subtract 1 when data packets after a router. So we use reservation bits of Type of Service (TOS) field and TTL domain in IP header effectively which can decrease the needed packets in attack path reconstruction.Because routers marked packets with a fixed probability, the marked packets may be overwriting by downstream routers, victim received packets include information of router closest to the attacker is least, produced the weakest chain, increased number of packets used to reconstruct the path. So, for this problem, this thesis present A new scheme of un-overwriting PPM for IP traceback which use the reservation bit of flag and TTL domain in IP header effectively, marked packets not be rewrote by downstream routers, the victim received packets include information of all routers is same, it will solve the weakest chain effectively and reduce computationally expensive in the path reconstruction.In order to verify and evaluate the advantages of the scheme proposed in this paper, using simulation and quantitative measures, find that our scheme successfully.The adoption of enhanced scheme based on PPM and un-overwriting PPM scheme can trace to the attackers more rapidly and prevent the attack from the source, which can reduce much unnecessary losses.