
The Methods Of IP Traceback Based On Features Of Network Traffic

Posted on: 2017-04-24
Degree: Master
Type: Thesis
Country: China
Candidate: X Chen
Full Text: PDF
GTID: 2348330509959647
Subject: Computer Science and Technology
Abstract/Summary:
With the rapid development of the Internet, networks have permeated every field of human society. More and more people enjoy the convenience the Internet brings to their life, study and work. However, while the Internet provides convenient and efficient services, it also exposes people to viruses, trojans and other network attacks. Among the various security threats, the DDoS (Distributed Denial of Service) attack is a serious threat to society because it is easy to carry out, difficult to trace and highly damaging.

Among the techniques for defending against DDoS attacks, IP traceback has attracted the attention of many researchers, because its purpose is to find the real attackers and so defend against DDoS attacks at the root. But most existing IP traceback techniques rely on marking and logging, which incur high resource overhead, place high configuration requirements on network equipment, and so on. These techniques are therefore difficult to deploy.

To overcome the defects shared by existing IP traceback techniques, this paper puts forward three blind detection algorithms based on features of network traffic:

Firstly, a blind detection algorithm for tracing back a single packet from mixed traffic by determining the parameters of the feature windows. In this method, we regard packet contexts and clusters as traffic features, analyze the features in depth, and select the window parameters according to phase space reconstruction theory, chaos, and the Multi-Laplace distribution pattern of network traffic.

Secondly, a blind detection method for tracing the real source of packets by cluster matching. We propose an evaluation model for the independence of the clustering result and a method for selecting the number of clusters. In addition, we propose a judgment model for evaluating the distance between clusters.

Thirdly, a blind detection algorithm for tracing back a single packet based on a graph clustering method. In this method, we propose an algorithm for feature extraction based on graph structure.

The basic idea of the three algorithms is as follows: first, extract comprehensive features of network traffic that are not easy for attackers to manipulate; second, propose feature-matching algorithms according to the types of features. For this study we independently developed a platform for realizing network scenarios, deployed the server topology, injected the authoritative dataset into the platform, and implemented the algorithms on the platform to provide evidence. The experimental results show that the accuracy of the traceback algorithms proposed in this paper is higher than that of the existing algorithm.
Keywords/Search Tags: IP traceback, Blind detection, DDoS attack, Clustering, Match