提出了一种分层次的无状态单分组IP溯源(HSSIT)技术.该技术实现了在域间和域内两级粒度上攻击路径的重构,且网络核心不存储分组的任何数据,其主要思路为:对分组头空闲字段重定义,以GBF数据结构记录各分组所经历的路径摘要信息(即路由器AS号和IP地址信息),重构路径时先利用GBFAS确定攻击源AS,然后由该AS内的边界路由器冉利用GBFIP确定距离攻击源最近的路由器.分别从理论分析和模拟测试两方面,将HSSIT与PPM、SPIE、ASEM等技术进行性能比较,其结果表明,HSSIT在对抗节点摘要信息的篡改和伪造方面有更强的顽健性,在收敛性方面也有很大改善.最后,还对更一般情形下(即AS路径长度常在3~7之间)的DoS攻击路径进行了验证性重构,其域间和域内路径重合度分别为100%~98%和98%~90%,结果表明,HSSIT技术能准确重构攻击路径,实现对攻击源的溯源目的.%A novel hierarchical stateless single-packet IP traceback (for short HSS1T) technique was proposed. It not only implements the attack-path reconstruction of two level granularities (i.e., inter-domain and intra-domain), but also need not store any data in the core node. HSSIT redefines the optional field of IP packet head to store the digest information (including IP address and AS number) of path traveled by each IP packet in GBF data structure. As soon as the path reconstruction required, the victim can find the attack-rooted AS using GBFAs. And then the border router within the attack-rooted AS can easily search out the nearest router to the attack source using GBFIP. Compared with PPM, SPIE and ASEM by theory analysis and simulations, the results show that HSSIT outperforms in terms of robustness against tampering and counterfeiting node digest information, and the convergence. Finally, the attack-path reconstruction experiments for the general case (i.e., AS path length about 3~7) show that HSSIT's inter-domain coincidence degrees and intra-domain ones between original attack-path and reconstructed attack-path are within the ranges 100%~98% and 98%~90%, respectively. The experiments results demonstrate that HSSIT is able to accurately reconstruct attack-path to realize the traceback of attack source.
展开▼
