
Research And Implementation Of IP-traceback For Denial Of Service Attack Based On Packet Marking

Posted on: 2018-10-27   Degree: Master   Type: Thesis
Country: China   Candidate: W Y Li   Full Text: PDF
GTID: 2348330518994696   Subject: Information security
Abstract/Summary:
Because denial of service attacks are easy to launch, affect a wide range of targets and cause huge economic losses, they have become one of the most serious threats to the security of the Internet. At present, defenses against denial of service attacks can only mitigate them and cannot fully prevent them, whereas tracing the attacker can not only locate the attacker but also prevent future attacks. Tracing the sources of denial of service attacks has therefore become an urgent problem. Packet marking is the main IP-traceback technique for denial-of-service attacks in recent years: routers write their own information into the packets they forward, and the victim collects the marking information to reconstruct the complete attack path and thereby trace the attackers. Building on DoS attack traceback techniques, this thesis studies packet marking traceback within an Autonomous System. First, it reviews the current state of research on feasible traceback systems and introduces the principles and characteristics of denial of service attacks. Based on those characteristics, it analyzes the feasible traceback schemes, describes logging, input debugging, ICMP tracing, overlay networks and packet marking, and gives a performance analysis and comprehensive evaluation of each traceback method. Second, it studies the existing packet marking techniques for denial of service attacks and sets out the advantages and disadvantages of the existing schemes. Third, a new dynamic probabilistic packet marking algorithm based on fragment association is proposed to address the problems of existing packet marking traceback techniques: they cannot resist forged packets, path reconstruction is time-consuming, and path reassembly is difficult under distributed attack.
Based on the structure of the packet header, the algorithm enlarges the space available for the marking field. Taking into account how packets are transmitted across the network, the feasibility of modifying the TTL and the method for doing so are analyzed, and a method for calculating the dynamic marking probability is put forward. The marking process and the handling of the marking information are described, and the algorithm for reconstructing the attack path at the victim is given. Next, a dynamic probabilistic packet marking traceback system based on fragment association is proposed around the modified algorithm; the overall system design and the design and implementation of its key functional modules are introduced in detail. Finally, a multi-NIC server is used to simulate routers in an experimental environment and the DDoS attack tool TFN2K is used to test the system, showing that the dynamic probabilistic packet marking system based on fragment association gives accurate traceback results within the autonomous system. The validity of the traceback system is thus verified.
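The abstract describes the two halves of any probabilistic packet marking scheme, routers writing their identity into a mark field with some probability and the victim ordering the collected marks into a path, and it names three things the thesis works on: a marking probability that varies with the packet's position (derived from the TTL), forged marks planted by the sender, and the reconstruction step. The simulation below is an added illustration, not the thesis's fragment-association algorithm and not code from it. It uses node sampling (each router either overwrites the mark or increments a hop counter on it) with a hop-dependent rule p_i = 1/i, which is one known choice, not the thesis's formula, and compares it against a fixed probability. The router names, the six-hop path, the initial TTL of 64 and the planted "FAKE" mark are all constructed for the example.

```python
"""Probabilistic packet marking (PPM) traceback, simulated end to end.

Added illustration, not the thesis's fragment-association scheme: routers on
the path probabilistically write their identity into a mark field and count
hops since marking; the victim reconstructs the path from the marks.
"""
import random
from collections import Counter, defaultdict

INITIAL_TTL = 64   # assumption: every source starts its packets with this TTL


class Packet:
    def __init__(self, ttl=INITIAL_TTL, mark=None):
        self.ttl = ttl
        self.mark = mark   # (router_id, hops_since_marking) or None


def hop_index(ttl):
    """Distance from the source, inferred from the TTL a router sees."""
    return INITIAL_TTL - ttl + 1


def dynamic_probability(ttl):
    """Hop-dependent rule p_i = 1/i (one known choice, not the thesis's):
    on an n-hop path every router's mark reaches the victim with probability
    exactly 1/n, and the first hop (p_1 = 1) always overwrites whatever mark
    the packet arrived with, so a mark planted by the sender never survives."""
    return 1.0 / hop_index(ttl)


def fixed_probability(ttl, p=0.05):
    """Classic PPM: the same p at every router, so near routers dominate."""
    return p


def router_forward(router_id, pkt, prob_fn, rng):
    """One router's marking step: mark with probability prob_fn(ttl),
    otherwise just count the extra hop on an existing mark."""
    if rng.random() < prob_fn(pkt.ttl):
        pkt.mark = (router_id, 0)
    elif pkt.mark is not None:
        rid, dist = pkt.mark
        pkt.mark = (rid, dist + 1)
    pkt.ttl -= 1
    return pkt


def send_packets(path, n_packets, prob_fn, seed=1, forged_mark=None):
    """Push n_packets from the source through every router in `path`.
    `forged_mark` pre-fills the mark field, as a sender planting a false
    router would. Returns the list of marks the victim receives."""
    rng = random.Random(seed)
    marks = []
    for _ in range(n_packets):
        pkt = Packet(mark=forged_mark)
        for router_id in path:
            router_forward(router_id, pkt, prob_fn, rng)
        if pkt.mark is not None:
            marks.append(pkt.mark)
    return marks


def reconstruct_path(marks):
    """Victim side: take each router's most frequent hop count and order the
    routers by it, farthest first, i.e. source -> victim."""
    seen = defaultdict(Counter)
    for rid, dist in marks:
        seen[rid][dist] += 1
    dist_of = {rid: c.most_common(1)[0][0] for rid, c in seen.items()}
    return sorted(dist_of, key=lambda r: dist_of[r], reverse=True)


def mark_shares(marks):
    """Fraction of the received marks attributed to each router id."""
    counts = Counter(rid for rid, _ in marks)
    total = sum(counts.values())
    return {rid: n / total for rid, n in counts.items()}


if __name__ == "__main__":
    path = ["R1", "R2", "R3", "R4", "R5", "R6"]   # constructed 6-hop path
    for name, fn in (("fixed", fixed_probability), ("dynamic", dynamic_probability)):
        marks = send_packets(path, 50_000, fn)
        print(name, reconstruct_path(marks))
        print({r: round(s, 3) for r, s in sorted(mark_shares(marks).items())})
    forged = send_packets(path, 10_000, fixed_probability, forged_mark=("FAKE", 0))
    print("fixed p with a planted mark:", reconstruct_path(forged)[:2])
```

Two things the run makes visible that the abstract only names: with a fixed probability the marks are skewed toward the last hop (the victim waits longest for the farthest router), and a mark planted by the sender survives most of the time and lands one hop beyond the real first router, so the reconstruction places a router that does not exist at the head of the path. With the TTL-derived probability the mark shares are uniform across the path and the planted mark is always overwritten at the first hop; that property depends on the router trusting the TTL, which is exactly why a scheme has to analyze TTL modification as the abstract says.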
Keywords/Search Tags: DDoS attack, packet marking, IP-traceback, network security