Title: | An Algebraic Marking Scheme for Single-Packet IP Traceback |
Authors: | 張力元 Li-Yuan Chang 謝續平 陳榮傑 Institute of Computer Science and Engineering |
Keywords: | backtracking; tracing; traceback |
Publication date: | 2002 |
Abstract: | With the growth of Internet applications, network security issues have drawn considerable attention. Attackers often damage users' systems by exploiting security vulnerabilities, and they may spoof the source IP address, so IP traceback techniques are needed to trace and locate the real source of an attack. Traceback techniques fall into two categories: one constructs the attack path of a DoS or DDoS attack from numerous received packets; the other does the same job from only one packet. In this thesis, an algebraic marking scheme for single-packet IP traceback is proposed to precisely identify the source of the attack. The mark value is calculated by each router according to its incoming link number (the number of the interface on which the packet arrived). Consequently, the attack path can be constructed sequentially using information about the Internet topology. In this way, the scheme does not require extra memory in routers to support the traceback operation. The victim can always successfully construct the attack path without any time constraint. Furthermore, the proposed scheme resists the mark spoofing and replay attacks that are commonly used to mislead existing traceback mechanisms. |
URI: | http://140.113.39.130/cdrfb3/record/nctu/#NT910392015 http://hdl.handle.net/11536/70085 |
Appears in collections: | Theses |