A Method of Information Tracing Based on ICMP
DOI: 10.12677/SEA.2017.61001
Authors: Zhou Ming (周明), Li Sudan (郦苏丹), College of Computer Science, National University of Defense Technology, Changsha, Hunan
Keywords: ICMP, DOS/DDOS, Network Security, Information Traceability
Abstract: To trace the source of DOS/DDOS attacks, several practical and feasible traceback methods have been studied and proposed; among the most effective is the ICMP-based reverse traceback scheme. However, when attack traffic and ordinary user traffic share the same path, that scheme is no longer very accurate in choosing which packets to use for generating traceback information. In this paper we propose an improved ICMP information tracing method whose aim is to raise the accuracy of the traced attack path and so provide an important basis for locating the attack source, finding the attacker and defending against DOS/DDOS attacks. The core of the method is that the decision module purposely selects the interface on which high-frequency attack flows arrive when generating traceback packets, so that the probability that the selected packet is an attack packet approaches 1. Experimental analysis shows that the method generates nearly ten percentage points more valid traceback information than the previous method, indicating that it is more accurate and effective than its predecessor.
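As an added illustration (not code from the paper), the decision rule described above simulated on a constructed traffic mix: the names INTERFACES, WINDOW and SAMPLE_PERIOD and the 10:1:1 rate split are assumptions, the baseline marks a uniformly chosen recent packet, and the improved rule marks only packets that arrived on the busiest interface.

```python
import random
from collections import Counter, deque

# Constructed traffic mix (an assumption, not the paper's data): interface "if2"
# carries the flood, "if0" and "if1" carry ordinary user traffic.
INTERFACES = {"if0": 1, "if1": 1, "if2": 10}  # relative packet rate per interface
ATTACK_IF = "if2"
WINDOW = 200        # recent packets the decision module remembers
SAMPLE_PERIOD = 50  # one traceback message per SAMPLE_PERIOD forwarded packets

def make_stream(n, rng):
    """Constructed packet stream of (interface, is_attack) tuples."""
    ifaces, weights = list(INTERFACES), list(INTERFACES.values())
    stream = []
    for _ in range(n):
        iface = rng.choices(ifaces, weights=weights)[0]
        # ordinary users share the attack interface, so not every packet on it is hostile
        stream.append((iface, iface == ATTACK_IF and rng.random() < 0.9))
    return stream

def busiest_interface(window):
    """Decision module: the interface that delivered the most packets in the window."""
    return Counter(iface for iface, _ in window).most_common(1)[0][0]

def traceback_hit_rate(stream, targeted, rng):
    """Fraction of generated traceback messages that describe an attack packet.
    Baseline (targeted=False) marks a packet drawn uniformly from the window;
    the improved method (targeted=True) draws only from the busiest interface."""
    window = deque(maxlen=WINDOW)
    generated = hits = 0
    for i, pkt in enumerate(stream, 1):
        window.append(pkt)
        if i % SAMPLE_PERIOD:      # not yet time to emit a traceback message
            continue
        candidates = list(window)
        if targeted:
            top = busiest_interface(window)
            candidates = [p for p in candidates if p[0] == top]
        _, is_attack = rng.choice(candidates)
        generated += 1
        hits += is_attack
    return hits / generated

def compare(n_packets=20000, seed=1):
    """Return (baseline_hit_rate, targeted_hit_rate) on the same constructed stream."""
    stream = make_stream(n_packets, random.Random(seed))
    return (traceback_hit_rate(stream, False, random.Random(seed)),
            traceback_hit_rate(stream, True, random.Random(seed)))
```

With the assumed mix, the baseline marks an attack packet about 75% of the time and the targeted rule about 90%, which is the kind of gain the abstract reports.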
Cite this article: Zhou Ming, Li Sudan. A Method of Information Tracing Based on ICMP [J]. Software Engineering and Applications, 2017, 6(1): 1-7. https://doi.org/10.12677/SEA.2017.61001