一种基于ICMP信息追溯方法

Abstract

为了追溯DOS/DDOS的攻击源，人们研究并提出一些实用可行的追溯方法，其中最有效的当属基于ICMP的反向追溯方案。但该方法在遇到攻击者和普通用户同一路径时，在选择报文生成追溯信息上就不是那么准确了。此论文中，我们将提出一种改进的ICMP信息追溯方法，目的在于提高追溯攻击路径的准确性，为定位攻击源，找到攻击者，防御DOS/DDOS攻击提供重要依据。其方法主要是在决定模块中有目的性的选择高频率攻击流进入的接口来生成追溯报文，从而使选中攻击报文的概率更加趋于1。通过实验分析论证，在生成有效追溯信息方面比之前的方法高出近十个百分点，表明了此追溯方法较之前是更准确有效的。 In order to trace the DOS/DDOS attack source, people study and put forward some practical and feasible traceability methods; one of the most effective is the reverse retrospective program based on ICMP. However, when the attacker and the average user encounter the same path, in the choice of message to generate traceability information is not so accurate. In this paper, we will propose an improved ICMP information tracing method, which aims to improve the accuracy of retrospective attack path, and provide important basis for locating attack source, finding attacker and defending DOS/DDOS attack. The method is mainly to determine the module in the purpose of selecting the high frequency attack flow to enter the interface to generate traceback packets, so that the probability of selecting the attack message more tends to 1. Through the experimental analysis and demonstration, it is nearly 10% higher than the previous method in the generation of effective retrospective information, indicating that the retroactive method is more accurate and effective than before.