| With the development of Internet, it becomes more and more difficult to meet people’s demand with IPv4, which leads the transformation to IPv6 network necessary. Though security problems were taken into consideration and IPSec was set as a compulsory part when IPv6 was drafted, security problems, such as DDoS attack, still exist in IPv6 network, which makes IP traceback very relevant to these problems. Tracing the real source of DDoS attack is one of the key aspects of reducing the loss of victims. However, most current IP traceback schemes can’t be used in IPv6 network, because they are established basing on IPv4 which is quite different from IPv6.In this dissertation, security problems and DDoS attacks in IPv6 network are analyzed. After comparing all the IP traceback schemes, flow-based Deterministic Packet Marking (DPM)scheme for IPv6 network is proposed to lighten the load of marking routers. Then this sheme is simulated in NS2, and its performances are analyzed basing on the simulation results.This flow-based DPM scheme can trace large scale of simultaneous DDoS attackers. As it supports postmortem traceback, attackers that were not noticed at first can also be traced. Besides, it only takes a relatively small amount of marked packets to reconstruct the ingress addresses. Unlike other DPM schemes, flow-based DPM doesn’t induce false positive rate. Moreover, it is also easy to carry out in current routers and basically increases no additional traffic. Though this scheme is designed to trace DDoS attackers in IPv6 network, it can also be used to filter out anomaly traffic. |
PDF Full Text Request