Research Of DDoS Defense Scheme Based On IP Traceback

The full name of DDoS is Distributed Denial of Service, and a lot of DoS (Denial of Service) attack formed of DDoS attack. Denial of Service attacks and distributed denial of service attacks is the main form of attack of the Internet. Tracking of the source IP of the attack source is an active prevention of DDoS defence technology, it will help found behind the attackers DDoS attacks, and will be a attack evidence.To aehieve better attaek effects, the DDoS attacker assaults the victim from hundreds of zombies rather than from the irown maehine. IP spoofing technique is frequently used to elude possible penalties, making it difficult for the victim to determine the source of DDoS attack. Many IP traceback sehemes are proposed. But the deficiencies of the existing approaches inelude, but are not limited to:heavy computational burdens, slow convergence and high false alarm rates. The contribution of this paper is as follows:(1) Introduce the latest research of DDoS attack defense, systematic analysis of DDoS attack defense technology and research, detection and prevention methods, and to lay atheoretical foundation for further studies on the defense of DDoS attacks.(2) Use the IP traceback method to defense DDoS attacks to prevent the occurrence of DDoS attacks. Under the premise of this work, proposed a TTL-based router lightweight IP back scheme to get the attack path through the records ofthe IP header TTL, The method does not require a new ICMP packets, the attackers can not perceive the victim host to track the method is applicable in any strength of DDoS attacks, to solve the tradition of the PPM (Probabilistic Packet Marking) method in the high failure strength of DDoS attacks, it also increases the efficiency of backtracking, this method can effectively solve the problem of distributed denial of service attacks reconstruction.(3) Internet service provider (ISP) level as a defensive unit to the Internet autonomous domain DDoS defense method EBPPM (Edge router Based Probabilistic Package Marking). When the attack did not happen, use sampling method to updates the samples, the samples closer to the actual number of visits; when attacks may occur through the record flow and sample flow ratio of a to determine whether the autonomous domain, a flow limiting parameter (3to control the degree of current limiting. Use autonomous domain as a unit to solve the problems of traditional methods preform a number of failures, the jump in the attack a few when the time complexity, backtracking the success rate has a lot of progress. The situation in the development of the Internet, there are some practical value, the scope of IP Traceback is a certain extension.