SEA  >> Vol. 6 No. 1 (February 2017)


周明, 郦苏丹: College of Computer, National University of Defense Technology, Changsha, Hunan

ICMP, DOS/DDOS, Network Security, Information Traceability



To trace the source of DOS/DDOS attacks, researchers have studied and proposed several practical and feasible traceback methods; one of the most effective is the reverse traceback scheme based on ICMP. However, when the attacker's traffic and ordinary users' traffic follow the same path, the choice of which message to generate traceback information from is not very accurate. In this paper, we propose an improved ICMP information tracing method that aims to improve the accuracy of the traced attack path and to provide an important basis for locating the attack source, finding the attacker and defending against DOS/DDOS attacks. The method works mainly in the decision module, which selects the ingress interface carrying high-frequency attack traffic to generate traceback packets, so that the probability of selecting an attack message tends toward 1. Experimental analysis and demonstration show that the method is nearly 10% higher than the previous method in the generation of effective traceback information, indicating that it is more accurate and effective than before.

周明, 郦苏丹. An ICMP-Based Information Traceback Method [J]. Software Engineering and Applications, 2017, 6(1): 1-7.

