一种通用的大规模DDoS攻击源追踪方案研究

本文提出了一种通用的基于概率包标记大规模DDoS攻击源跟踪方法.相比其它方法,该方法通过引入包标记中继算法既适用于直接类型的DDoS攻击路径恢复,也适用于反射类型的DDoS攻击路径恢复.此外,本文通过巧妙运用方程组唯一解判定原理对路由IP实施编码,运用基于一次性密钥的HMAC方法对攻击路径的每条边进行编码和验证,不需要ISP路由拓扑,便能够在被攻击点相应的解码并高效可靠的恢复出真实的攻击路径.分析表明,该种方法能与IPv4协议较好的兼容,具有较好的抗干扰性.通过仿真实验证实,该方法相比FMS、CHEN等人提出的方法在收敛性和误报方面体现了较强的优势.

Research on a Common Scheme for Large Scale DDoS Attack Source Traceback

This paper presents a common marking scheme for large scale DDoS attack source traceback based on PPM. Compared to other schemes, this scheme can be applied to direct and reflected DDoS attack source traceback by using Reflection Relay Algorithm. Furthermore, this scheme encodes the router's IP using techniques from algebraic coding theory, encodes and authenticates the edge information with HMAC method whose secret key is updated periodically, and can decode the information and reconstruct the attack paths effectively, even without the ISP's router map. Through an analysis, this scheme is robust and compatible with IPv4 protocol. In our emulation result, our scheme had a better performance in astringency and false positive test than FMS and CHEN's scheme.