Based On The Packet Marking Of DDos Attack Tracing And Source-finding Technology Research

DDoS is the most violent in the cyber attacks,it has been a serious threat to the Internet and its application of availability,the reason for the growing security threats is that DDos has some features such as a means of concealment,easy-implementation,the apparent attack effect and the difficulty of attack,etc.DDos has become more cunning and difficult to be found in the past two years.At the same time.Under this background,The academia started to denial of service attack source tracking technology research and development.In an anonymous source of DDoS attacks in the research field of track,academia proposed several kinds of solutions based on the probabilistic packet marking attack source tracing scheme,with its efficient and flexible become the focus of attention,but there are still differences of performance.This test aims at the most representative solution related performance indicators carried on the thorough discussion,that points out the key factors that lead to differences is the reconstruction algorithm and marking probability values,and counterfeit package can cause a lot of interference on performance.Through the full investigation of the current distributed denial of service attack detection and filtering technology,the research status of source IP tracking Technology,this article proposes a classification procedure which based on the set theory model of distributed denial of service attack defense technology,and then propose the distributed denial of service attack model of the integrated defense that based on the attack lifecycle process;and come up with the IP source tracking algorithm based on a probabilistic packet marking by enormous amount of research to attack source tracking technology in the study of denial of service tracking method.This algorithm is based on the theory of linear algebra and one-time key principle of HMAC authentication,compared with other algorithms,it does not need the ISP topology information,and it applies to directly reflect attack as well as be applied to attack,in addition,in the protocol compatibility,convergence and attack topology recovery were also can show a good accuracy.