| The development of network has brought great convenience to people,meanwhile, the inherent defects of the network protocol also gives cause for networksecurity issues prominently. Distributed denial-of-service attack becomes the mostdifficult network security problem because of its easy implementation, attack flowcharacteristics and has difficulty in defending and tracking. From the defense point ofview, distributed denial-of-service attack can be effective against such attacks on thecondition that establishing a distributed defense system, such traditional firewall canonly be passive defensive measures against attacks, so it is not always ideal. Therefore,research on distributed denial-of-service attack and countermeasures is of greatpractical significance.This article analyzes the principle of distributed denial-of-service attack andclassifies attacks in various forms, then analyzes the measures separately fromdetection, prevention and tracking of the denial -of-service. Source traceback is atechnique of locating attack source and an important part of defense system achievingdistributed denial-of-service, which takes the initiative to find a way to locate theattack source and it not only plays an important role in construction of the entiredefense system but also can be used as a legal responsibility to investigate evidence ofthe attacker.Packet marking technology is a source traceback technique commonly applied sofar. this paper analyzes in depth the basic marking schemes and advanced markingschemes, among which the basic marking schemes has disadvantage like, highmisinformation rate, bringing out great calculation task when reconstruct the attackpath and so on. Advanced marking schemes has improved greatly on reconstruction ofthe attack path and false alarm rate in computational aspects , but it requires thevictims to know upstream network topology in advance . The author improves theadvanced marking schemes by inheriting its advantages and abandoning its strong assumption The basic idea of this algorithm is: a victim interacts with theupstream router, and issue a confirmation request to the path, then the upstream routerreceives a request information and help victims confirm the path and recall layer bylayer until the attack source is found. As the victim's upstream routers constitute thetrue topology, so it is not necessary for victims to know the upper topology in advance.Network simulation is a basic means of researching network technology .Theauthor analyzes not only from the theoretical improved algorithm, but also confirmsfrom simulated network environment. The theoretical analysis and simulationexperiments show that the improved algorithm not only converges faster, be morestable, but also has smaller marking probability.Finally, this paper makes a summary and points out future research directions. |
PDF Full Text Request