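This thesis studies packet source traceback techniques related to methods for defending against network attacks. Packet marking is a frequently mentioned approach among packet source traceback techniques. Existing packet marking techniques can be broadly divided into two kinds, Probabilistic Packet Marking and Deterministic Packet Marking, and each of these two methods has its own advantages and disadvantages. In this thesis, we propose a hybrid mechanism, called cyclical deterministic probabilistic packet marking (Cyclical Deterministic Packet Marking), in the hope of solving some of the problems in existing mechanisms. This technique requires all routers on the attack path to mark the packets passing through them in a cyclical and sequential manner. Compared with probabilistic packet marking, the new technique has several unique advantages: it needs fewer marked packets to reconstruct the attack path. It also performs better in handling spoofed packet addresses and even packet loss. In addition, the time complexity required for marking packets and for finally reconstructing the path at the victim is within a reasonable range, and the completeness of the reconstructed attack path is the same as that of the existing deterministic probabilistic packet marking method. It is especially worth noting that this cyclical deterministic packet marking method specifically considers the packet loss problem, which can occur in practice but is ignored by other mechanisms, and takes the effect of packet loss into account in its design.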
Packet marking is a popular technique used in IP traceback. The existing packet marking techniques are categorized into probabilistic packet marking (PPM) and deterministic packet marking (DPM). Each has its own strengths and weaknesses. In this thesis, we propose a novel protocol, called cyclical deterministic packet marking (CDPM), to address the issues challenging the existing approaches. CDPM requires routers along the attack path to deterministically mark packets in a sequential and cyclical fashion. This new method exhibits some unique advantages. When compared with probabilistic marking techniques, our approach requires far fewer marked packets to reconstruct the attack path. It is also more resilient to packet spoofing and, in particular, packet loss. Furthermore, the marking and decoding computation is of reasonable complexity. It can also reveal a more complete path than the existing DPM-based mechanisms. To the best of our knowledge, this thesis is the first of its kind to consider the impact of packet loss in designing a packet marking scheme.