关键词: 日志记录, 路由器, 重构路径, IP追踪, 部署

Abstract: IP traceback is an important way to defend against distributed denial of service attack. Gong et al's IP traceback method was analyzed and the disadvantage of low speed in reconstructing path was pointed out. An improved scheme was proposed to overcome the disadvantage. The presented scheme employed the information of router interface to mark a route so as to shorten the mark length in original method. In the proposed scheme, the speed of reconstructing path was enhanced and the false positive was lowered since it was decided whether the log was detected according to the deployment of router. Moreover, the scheme can well support incremental deployment.

Key words: log, router, path reconstruction, IP traceback, deployment