Research On DRDoS Attack Traceback Based On Packet Marking

With the rapid development of the Internet industry and the rapid expansion of the network, security issues become increasingly severe, due to the network technology is still not perfect, enterprises and countries face the network’s serious threat. The distributed denial of service attack is one of main threats, it can attack to one or more target with distributed computers, requesting a large amount of network resources that cause network server paralysis. The attack source address can be forged that makes the attack traceback difficult. However distributed reflection denial of service (DRDoS) attacks more concealed, because it forged source address, it make the server indirectly attack victims with some network protocols, so most of traceback schemes cannot effectively trace attackers.For DDoS attack traceback, this paper focuses on the research of the traceback of distributed reflection denial of service attack (DRDoS). Traceback technologies can be divided into five methods, Ingress Filtering, Link Testing, Logging, ICMP Traceback, Packet Marking, etc..The proposed algorithm is based on Dynamic Probabilistic Packet Marking Technology, the method uses TTL value to calculate the marking probability at each intermediate router so that the victim can receive each router’s marks with equal probability; It uses available space to mark as much as possible, and stores marking information with four slice sampling in the tag domain, so that the required packages are reduced; And the method reduces the reconstruction complexity and improves the accuracy of construction further by constructing hash value relationship between the adjacent IP fragments; The method adds a coverage bit to solve the coverage problem of forwarded routing marking information; In order to make the reflection nodes efficiently store and copy forwarded marking information, the method uses the improved Bloom Filter data structure, and designs the corresponding marking strategies in each routing node, routing algorithms are mainly divided into middle route algorithm, reflection algorithm and reconstruction algorithm. Compared with other tracing methods, the proposed algorithm has strong applicability because of reconstructing the attack path without mastering the network topology in advance.In this paper, the theory is proved, and OMNeT++ simulation experiments verified that the method can be effectively applied in the DRDoS attack traceback.