Ip Traceback Technology Defending Against Distributed Denial Of Service

The network is penetrated into various areas of people’s lives, more and more people feel the convenient and quick the Internet brings to our lives. When we enjoying the efficient and convenient service network have brought us, we suffer such as Trojans, phishing and hacker attacks and other issues at the same time. Among the many security threats, the harm caused by DDoS (Distributed Denial of Service) to people is huge. Experts from all walks of the society pay close attention to DDoS defense.There are a variety of technology defenses DDoS.IP traceback find the attacker according the attack path, and defense DDoS attacks fundamentally.Therefore,IP traceback is favored by many scholars.Usually, IP traceback is divided into five categories, and packet marking and logging are two kind of them.By using the free space of packet header, packet marking can reduce resource overhead. The logging can complete the task with a single package. Therefore, packet marking and logging are favored by the researchers. In recent years, in order to reduce the length of the path and shorten traceable time, researchers upgrade the traditional IP traceback to the AS (Autonomous System) level.And this is an important direction of development of the IP traceback.IP traceback based on the AS layer has not been systematically studied.In this paper, we will classify the existing traceback methods based on the AS layer. According to the basic methods, AS traceback can be divided into four categories.There are authentication autonomous system technology, AS traceback based on packet marking, AS traceback based on logging and the two-steps AS traceback.In analysis of the existing AS traceback technology, we propose an AS traceback technology HAST (Hybrid Autonomous System Traceback) in this paper.HAST is a mixed technology of the traditional IP traceback and the AS traceback.HAST can trace the attacker accurately in a short time with a single packet.HAST is divided into two parts:First, the information packet marking; second, the path reconstruction. Packet marking part divide into two stages:in the first stage, all routers in the first AS mark the packets when the packets enter in the AS; in the second stages, only the border routers in all AS mark the packet when the packet coming from one AS entering into another.Path reconstruction part also divides in two step:the first step is finding out the source AS, and the second step is path reconstruction in the IP level in the domain of the source AS, and finding out the real attackers. Simulation results show that the HAST can trace the attackers accurately in a short time with a single packet. Moreover, HAST has the characteristics of less resource overhead and stronger tamper resistance.