Research On The Technology Of Network Attack Tracing

Along with the development of network services and applications, network securitybecomes more and more important, some illegal network attacker using legal host systemvulnerabilities to carry on the sabotage. At present the attack tool or the attackers’ own level is aboost, facing the current situation of the complex network, promptly and effectively activedefense technology is the most powerful guarantee to Network security. Attack source trackingtechnology is the key of active defense, when network attacks happen, accurate, timely andeffective positioning to the attack sources and give the attackers a punishment in the law, whichis the most effective way for ensuing the network security dynamically and persistently.First, this paper introduces the principle of intrusion detection technology and some relatedtechnology, in view of relevant technology lacking of detection efficiency, this paper proposes adynamic sorting test methods which is based on the rules of protocol analysis, the characteristicsof this method is using the highly regularity of packets seal structure in network environment,and according to the Network protocol type of the packets,we can detect possible attack quickly,and this technology can improve the efficiency of detecting attacks.Second, the paper introduces the current existing attack source tracking technology,analyzes the advantages and disadvantages of various tracking technology, according to theshortages of existing tracking technology, this paper presents a new attack source trackingmethod, which based on ant algorithm, this method realize attack-path reconstruction ininter-domain and intra-domain. The beginning of attack-path reconstruction, the first step islocating the attack source in AS, and then start the attack-path reconstruction in this AS area; Theattack-path reconstruction in inter-domain will divide a complete tracking process into severalsteps, using pheromone to reduce the scope of the search path, improve the searching efficiency,and then use the Time to Live to solve the "upstream and downstream" problems in the attack path.Third, this paper introduces the SIPT method, according to deficiencies of the SIPTmethod in position attack sources and then put forward an improvement scheme based on SIPT,redefining the optional field if IP packet head to store the checkpoint information, which cantraceback the attack source.To verify performance of the dynamic sorting test methods which based on the rules ofprotocol analysis, Attack traceback method based on ant algorithm and the improvement schemebased on SIPT, made the corresponding experiments. The final experimental results show themethods effective.