| With the widely use of Internet and E-business, DDoS attack is still one of themajor effect of Internet security. Varies kinds of denial of service attack defensemeasures show up. IP Traceback technique is the major defense measure. Denial ofservice attack depends on consuming network band width and resource by send victimlots of invalid requests. Then the victim will be busy with replying these invalidrequests, and disable to provide normal service for legal user. Based on DoS attack,there is a new attack which developed by several attackers to implement DoS attack atthe same time, called DDoS attack. IP Traceback is a technique to find out the sourceattacker. But in DDoS attack, attackers always use spoofed IP address to implementattack, this make it much more difficult to trace the real attacker. In this thesis, we startfrom packet marking and aim at how to mark packet effectively and how to achievepath reconstruction. In this thesis, my works are listed as below:1. In this thesis, firstly, we analyze the status of today’s Internet network security.We discuss DDoS attack from three aspects: how do the distributed denial-of-serviceattacks generate, what is the classification of DDoS attacks, and common attack methodof DDoS attacks. We analyze several kinds of traceback techniques, compare theadvantages and disadvantages of them. We pay more attention on packet marking.2. PPM has lots of short comings which are not feasible under DDoS attacks. Tosolve these problems, we make the most use of IP header, extend the marking space, andreduce the number of fragments to reduce the computational overhead in pathreconstruction, and reduce false positive. We use TTL field to compute the markingprobability and let the victim receive each fragments with the same probability. We alsouse hash function to enhance the security of the marking scheme.3. With the knowledge of deterministic packet marking (DPM). We propose ascheme of DPM based on Autonomous System. To solve the problem of DPM, we usefragment marking and whole address marking in source AS and destiny ASindependently. Make inter-domain tracing possible. And enhance the security andensure the confidentiality. 4. With the theoretical analysis and the simulation of the whole traceback processunder tool NS2, we prove the feasibility of these two schemes. |
PDF Full Text Request