Computer Engineering and Applications ›› 2016, Vol. 52 ›› Issue (6): 102-106.

Previous Articles     Next Articles

Attack source traceback scheme based on probabilistic packet marking for IPv6 network

FENG Bo1, GUO Fan2, TAN Suwen3   

  1. 1.Jiangxi Communication Administration, Nanchang 330038, China
    2.School of Computer, Jiangxi Normal University, Nanchang 330000, China
    3.Marketing Department, China Mobile Group Jiangxi Co. Ltd., Nanchang 330025, China
  • Online:2016-03-15 Published:2016-03-17

基于IPv6的概率包标记路径溯源方案

冯  波1,郭  帆2,谭素雯3   

  1. 1.江西省通信管理局,南昌 330038
    2.江西师范大学 计算机学院,南昌 330000
    3.中国移动通信集团江西有限公司 市场部,南昌 330025

Abstract: There are few existing IP traceback technologies for IPv6 networks and most IP traceback technologies for IPv4 networks can not be applied to IPv6 without any change. This paper proposes an IPv6 attack source traceback scheme based on probabilistic packet marking according to the features of IPv6. It improves traceback method based on the original IPv4 traceback technology. It selects new marking area, designs identify area and information area which exist in IPv6 basic header and extension header. In this way, it not only solves the problem of insufficient marking space, but also regulates marking information. It uses dynamic marking probability, distinguishing between untagged packets and tagged packets to solve the problem of repeat marking. At the same time, it improves marking algorithm, making IP traceback in IPv6 networks faster and more accurate. Theoretic analysis and simulation results prove that it can find attack source effectively and is more useful than original IPv4 traceback technology.

Key words: IP traceback, IPv6, probabilistic packet marking, attack source, Distributed Denial of Service(DDoS), network security

摘要: 针对现有IPv6路由追踪技术匮乏,以及IPv4路由追踪技术不能直接移植到IPv6网络环境中的问题,根据IPv6的自身特点,提出了一种基于概率包标记的IPv6攻击源追踪方案。该方案在原有IPv4概率包标记方法的基础上进行了有效的改进,重新规划标记区域,分别在IPv6的基本报头和扩展报头上划分合适的标识域和信息域,既解决标记空间不足的问题,又能规范标记信息的存放秩序;采用动态标记概率,区分对待未标记数据包和已标记数据包,解决标记信息覆盖问题,同时,优化标记算法,实现IPv6网络环境下路径追踪的快速、准确。理论分析与实验结果表明,该方案能有效追踪攻击源,且效果优于原IPv4追踪技术。

关键词: IP追踪, IPv6, 概率包标记, 攻击源, 分布式拒绝服务攻击, 网络安全