Relfective Distributed Denial Of Service Attack Source Tracing Study

With the era of information technology matures, computer network technology haspenetrated into people’s life and work. And more and more people enjoy the benefits thatcomputer network technology has brought to people. However, due to the imperfectdevelopment of network technology, network security risks buried a invisible bomb to thepeople. Denial of Service Attack is one of the key network security issues. Due to the low costof the attack, it is easy to download attack tools, attacks harm large, it become one of themainstream means of attack in the network. However the defense technology of denial ofservice attack, such as intrusion detection systems, firewall technology, can prevent theoccurrence of certain attacks, but can not find the source of the attack. It is great significancethat tracking attack source is for reducing the loss of the site, fighting cyber crime and obtaininglegal evidence by technology. Therefore, the problem of denial of service attack traceback isneeded to solve. This paper mainly studies the attack source tracing of distributed denial ofservice attack and reflective distributed denial of service attack.Based on the current network security status, the paper analyzed the DDoS attack ofprinciple, classification, several typical attack, a common attack tools and defensive measures.Then the paper detailedly analyzed link test method, routing log method, ICMP-based trackingmethod, node sampling notation method, edge sampling notation and adaptive probabilisticpacket marking algorithm and so on mainstream traceback technology. Paper focus on theprobabilistic packet marking technique and on the basis of this, propose a program of ReflectiveDistribute Denial of Service attack source atracing. The main idea of the program is: the routermarking algorithm is ralated to the path length. When the path length is in a certain range, thepackets marked by the upstream routers will not be repeatedly marked by the downstreamrouter. When the path length exceeds a certain value, the router takes the strategy of APPM.The programe has good convergence. And it reduces the load of the router overall, and makethe router do a better job of data forwarding. Subsequently, for the path information before thereflector being able to continue to responding package this programe use the Bloom Filter datastructure and improve it as the reflector’s storage structure which can store marked packet. Andbased of this the author proposes the storage algorithm and copy algorithm of the reflector. Finally, the author analyse the performance of the proposed algorithm from the four aspects ofcompatibility, security, convergence and router load and using NS2simulator experimenting toverify the superiority of good convergence and low routing load of the new algorithm.