Research On Address Spoofing Attack Traceability And Defense Mechanism In Programmable Network

Posted on: 2024-06-20
Degree: Master
Type: Thesis
Country: China
Candidate: R H Wang
GTID: 2568307172995579
Subject: Information and Communication Engineering
Abstract/Summary:
Trusted network communication is one of the core technical directions of the future network, and it is also a key issue that has long plagued academia and industry. The Internet Protocol (IP) address is the core element of the current IP network architecture. As network communication evolves toward ubiquitous access and network opening, address spoofing has become a major obstacle to the development of trusted communication technology. Source address spoofing attacks have several features, such as the unknown identity and location of the attacker, the difficulty of pursuing accountability afterwards, and reflection amplification of attack traffic. This thesis focuses on source traceability and attack defense for address spoofing attacks. Under the framework of the programmable network, a three-stage, three-plane source traceability and defense scheme is proposed to realize flexible source traceability and collaborative defense against address spoofing attacks. The specific content of this thesis is as follows:

(1) This thesis proposes a P4-based flow multi-dimensional feature map sampling algorithm under the programmable network, combined with the principle of variance minimization to improve the data update rate. On the basis of flow sampling, it establishes a network traffic time-series prediction model based on Holt-Winters, selects a combination of characteristics of specific network traffic to make traceability decisions, and provides a reasonable trigger point for the traffic traceability mechanism.

(2) This thesis designs a traceability mechanism that restores the attack path and locates the source of the attack under the programmable network. A hybrid traceability strategy is proposed that combines P4-based path information recording with IP address fragmentation probability marking. The path recording strategy can be used to save path reconstruction cost at the controller, and the source IP address fragmentation strategy can be used to alleviate the storage cost of the switch.

(3) This thesis proposes a threat intelligence platform based on smart contracts under the programmable network, together with a cross-domain collaborative threat intelligence sharing method. Abnormal traffic statistics are collected to update victim information, and traceability results are collected to update threat intelligence.

Finally, this thesis conducts experimental tests to verify that the proposed hybrid traceability mechanism can effectively realize attack path restoration and attack source location. In terms of experimental indicators, the number of data packets required for traceability and location is better than that of existing traceability methods based on probability marking.
Keywords/Search Tags: Programmable network, Address spoofing attack, IP address traceback, Smart contract, Network telemetry, Threat intelligence