大流量优先的实时IP随机包标记反向追踪

计算机应用 ›› 2005, Vol. 25 ›› Issue (07): 1498-1501.

大流量优先的实时IP随机包标记反向追踪

李强，朱弘恣，鞠九滨

吉林大学计算机科学与技术学院，吉林长春 130012

修回日期:2005-03-09 出版日期:2005-07-01 发布日期:2005-07-01
作者简介:李强（1975-），男，吉林长春人，讲师，博士研究生，主要研究方向：网络安全；朱弘恣（1980-），男，江苏宿迁人，硕士研究生，主要研究方向：网络安全；鞠九滨（1935-），男，黑龙江哈尔滨人，教授，博士生导师，主要研究方向：分布式系统、计算机网络
基金资助:
〗国家自然科学基金重大研究计划项目（90204014）

Larger-traffic-first packet marking for real-time IP traceback

LI Qiang, ZHU Hong-zi, JU Jiu-bin

School of Computer Science and Technology, Jilin University

Revised:2005-03-09 Online:2005-07-01 Published:2005-07-01

摘要/Abstract

摘要： 在现有IP随机包标记反向追踪算法实时性的研究基础上，分析了标记概率、推测路径需要的数据包数量和攻击路径距离的关系，提出一个大流量优先的实时IP随机包标记反向追踪方法LTFMS，利用路由器节点当前流量统计，受害者可在最短时间内推测出主要攻击路径。通过建立模拟测试环境实验分析，对于大规模DDoS攻击，该方法在相同时间内可比现有方法推测出更多的攻击路径。

关键词: IP反向追踪, 包标记, 实时性, DDoS

Abstract: Based on the current research on improving realtime PPM algorithms in IP traceback, the relations among marking probability, traffic volume for constructing an attack path and the distance of the attacking path were analysed. And an approach of realtime IP tracebacking which deploys larger traffic first probabilistic packet marking scheme (LTFMS) was proposed. According to the statistics on the present traffic of routers, a victim could construct a major attacking path in minimum time. For large-scale DDoS attacks, by establishing a simulated test environment and experiment analysis, LTFMS can construct more attacking paths than the existing schemes within the same time.

Key words: IP traceback, packet marking, real-time, DDoS

中图分类号:

TP393.07

李强，朱弘恣，鞠九滨. 大流量优先的实时IP随机包标记反向追踪[J]. 计算机应用, 2005, 25(07): 1498-1501.

LI Qiang, ZHU Hong-zi, JU Jiu-bin. Larger-traffic-first packet marking for real-time IP traceback[J]. Journal of Computer Applications, 2005, 25(07): 1498-1501.

参考文献

[1]LEE SC, SHIELDS C. Tracing the Source of Network Attack: ATechnical, Legal and Societal Problem[A]. Proceedings of the 2001 IEEE Workshop on Information Assurance and Security[C], 2001.

[2]BELLOVIN SM. ICMP Traceback Messages[EB/OL]. InternetDraft: draftbellovinitrace00.txt, 2000.

[3]SNOEREN AC, PARTRIDGE C, SANCHEZ LA, et al. HashBased IP Traceback[A]. Proceedings of the ACM SIGCOMM 2001 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication[C], 2001.

[4]SCHNACKENBERG D, DJAHANDARI K, STRENE D. Infrastructure for Intrusion Detection and Response[A]. Proceedings of DISCEX[C], 2000.

[5]SAVAGE S, WETHERALL D, KARLIN A, et al. Network Support for IP Traceback[J]. ACM/IEEE Transactions on Networking, 2001,9(3):226-237.

[6]SONG DX, PERRIG A. Advanced and Authenticated MarkingSchemes for IP Traceback[A]. Proceedings of InfoCom[C], 2001.

[7]SUNG M, XU J. IP Tracebackbased Intelligent Packet Filtering: A Novel Technique for Defending Against Internet DDoS Attacks[A]. 10th IEEE International Conference on Network Protocols(ICNP)[C], Paris, France, 2002.

[8]YAAR A, PERRIG A, SONG D. Pi: A Path Identification Mechanism to Defend against DDoS Attacks[A]. Proceedings of the IEEE Symposium on Security and Privacy[C], 2003.

[9]The Network Simulator  ns2[EB/OL]. http://www.isi.edu/nsnam/ns, 2004-12.

[10]Internet mapping[EB/OL]. http://cm.belllabs.com/who/ches/map/dbs/index.html, 1999.

[11]PARK K, LEE H. On the effectiveness of probabilistic packetmarking for IP traceback under denial of service attack[A]. Proceedings of IEEE INFOCOM01[C], 2001.338-347.

[12]DEAN D, FRANKLIN M, STUBBLEFIELD A. An algebraic approach to IP traceback[A]. ACM Transactions on Information and System Security[C], 2002.

[13]PENG T, LECKIE C, KOTAGIRI R. Adjusted Probabilistic Packet Marking For IP Traceback[R]. Department of Electrical and Electronic Engineering, University of Melbourne, Australia, 2001.

[14]HUSSAIN A, HEIDEMANN J, PAPADOPOULOS C. A Framework for Classifying Denial of Service Attacks[R]. ISITR2003569, USC/Information Sciences Institute, 2003.

[15]MAHAJAN R, BELLOVIN SM, FLOYD S,et al. Controlling High Bandwidth Aggregates in the Network[J]. ACM SIGCOMM CCR, 2002,32(3).