CN101873258A - Probabilistic packet marking and attack source tracing method, system and device - Google Patents


Info

Publication number
CN101873258A
Authority
CN
China
Prior art keywords
packet
router
jumping
information
ttl value
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201010192993A
Other languages
Chinese (zh)
Inventor
毕军
田红成
胡萍
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tsinghua University
Original Assignee
Tsinghua University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tsinghua University
Priority to CN201010192993A
Publication of CN101873258A
Current legal status: Pending

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a probabilistic packet marking method comprising the following steps: a relay router receives a packet that carries hop count information for the packet; the relay router determines a marking probability according to the hop count information and marks the packet with the determined marking probability, where the more routers the packet has already traversed, the lower the marking probability the relay router selects. By tying a router's marking probability to the number of hops the packet has traversed, so that a packet that has passed through more routers is marked with lower probability, the invention optimizes the choice of marking probability, greatly increases the speed of attack path reconstruction, eliminates the effect of attacker-forged marks on path reconstruction, and recovers the attack path more accurately.

Description

Probabilistic packet marking and attack source tracing method, system and device
Technical field
The present invention relates to the field of Internet technology, and in particular to a probabilistic packet marking and attack source tracing method, system and device.
Background technology
With the continuous development of Internet technology, the Internet has become an indispensable part of people's lives, but at the same time network security problems, such as network attacks, have become increasingly prominent and are now a principal factor restricting the development of the Internet.
Maintaining network security requires tracing the source of attacks. However, owing to defects in the original design of the TCP/IP protocol suite, the network does not currently verify the source address of a packet; it simply routes according to the destination address and forwards the packet to the destination. An attacker can therefore exploit this weakness by forging the source address to attack remote hosts or networks, and the victim is often unable to block the attack in real time, trace it back to its source, accurately locate the attacker, or hold anyone accountable.
To overcome this shortcoming, IP traceback techniques have been proposed. With IP traceback, the location of the network node that sent the attack packets and the forwarding path of those packets can be determined, the traceback process being carried out with the assistance of a series of routers. Such techniques not only allow network attacks to be traced back, sanctioned legally and deterred, but also allow statistical analysis of the forwarding paths of packets in the network, which helps optimize routing configuration and supports integrated network planning and traffic engineering research. Probabilistic packet marking is one IP traceback technique: as attack packets pass through a router, the router writes part of the routing information into the attack packets with a certain probability, so that the victim can collect attack packets, recover the attack path from the routing information they carry, and thereby find the attack source.
The prior art has the shortcoming that the victim must receive a very large number of packets to reconstruct the attack path, which slows reconstruction; moreover, existing probabilistic packet marking techniques cannot defend against marks forged by the attacker, so the attack path reconstructed by the victim may be inaccurate.
Summary of the invention
The purpose of the present invention is to solve at least the technological deficiencies described above, in particular the slow attack path reconstruction of existing probabilistic packet marking techniques and their inability to defend against marks forged by the attacker.
To achieve this object, one aspect of the present invention proposes a probabilistic packet marking method comprising the following steps: a relay router receives a packet, the packet including hop count information for the route the packet has traversed; and the relay router determines a marking probability according to the hop count information and marks the packet with the determined marking probability, where the more router hops the packet has traversed, the lower the selected marking probability.
Another aspect of the present invention proposes a router comprising: a packet receiving module for receiving a packet, the packet including hop count information for the route the packet has traversed; and a marking module for determining a marking probability according to the hop count information and marking the packet with the determined marking probability, where the more router hops the packet has traversed, the lower the selected marking probability.
Another aspect of the present invention proposes an attack source tracing method comprising the following steps: a first-hop router receives a packet from the access network, sets the hop count information in the packet to a preset value, and marks the packet; a relay router receives the packet sent by the first-hop router or by the previous relay router, determines a marking probability according to the hop count information in the packet, and marks the packet with the determined marking probability, where the more router hops the packet has traversed, the lower the selected marking probability, and where the first-hop router and the relay router update the hop count information when forwarding the packet; and a destination host receives a plurality of packets sent by the last relay router and traces the attack source according to the mark content in those packets.
A further aspect of the present invention proposes an attack source tracing system comprising: at least one first-hop router for receiving packets from the access network, setting the hop count information in each packet to a preset value, marking the packet, and updating the hop count information when forwarding the packet; one or more relay routers for receiving the packet sent by the first-hop router or by the previous relay router, determining a marking probability according to the hop count information in the packet, and marking the packet with the determined marking probability, where the more router hops the packet has traversed, the lower the selected marking probability, and where the relay router updates the hop count information when forwarding the packet; and a destination host for receiving a plurality of packets sent by the last relay router and tracing the attack source according to the mark content in those packets.
A further aspect of the present invention proposes a router comprising: a receiving module for receiving a packet from the access network; and a setting and marking module for setting the hop count information in the packet to a preset value and marking the packet.
By associating the marking probability of a router with the hop count information of the packet, so that the more router hops the packet has traversed, the lower the marking probability selected by the relay router, the invention optimizes the choice of marking probability, greatly improves the speed of attack path reconstruction, eliminates the effect of attacker-forged marks on path reconstruction, and recovers the attack path more accurately.
In addition, in a preferred embodiment of the invention, after receiving a packet from the access network the first-hop router uniformly sets the hop count information in the packet to a preset value and marks the packet with 100% probability, which effectively defends against marks forged by the attacker and further improves the accuracy of the reconstructed attack path.
In addition, in another preferred embodiment of the invention, the TTL value in the packet is selected as the hop count information. After receiving a packet from the access network, the first-hop router uniformly sets its TTL value to a preset value, and every relay router updates the TTL value when forwarding the packet, for example by decrementing it by 1; after decrementing the TTL value, each router discards the packet if the TTL value is 0 or less.
Additional aspects and advantages of the present invention are given in part in the following description, will in part become obvious from the description, or may be learned by practice of the invention.
Description of drawings
The above and/or additional aspects and advantages of the present invention will become apparent and easily understood from the following description of embodiments taken in conjunction with the accompanying drawings, in which:
Fig. 1 is a schematic diagram of marking probability selection according to an embodiment of the invention;
Fig. 2 is a flow chart of the probabilistic packet marking method of an embodiment of the invention;
Fig. 3 is a schematic diagram of the router implementation algorithm of an embodiment of the invention;
Fig. 4 is a structural diagram of the relay router of an embodiment of the invention;
Fig. 5 is a flow chart of the attack source tracing method of an embodiment of the invention;
Fig. 6 is a structural diagram of the attack source tracing system of an embodiment of the invention; and
Fig. 7 is a structural diagram of the first-hop router of an embodiment of the invention.
Embodiments
Embodiments of the invention are described in detail below; examples of these embodiments are shown in the drawings, in which the same or similar reference numerals denote the same or similar elements, or elements having the same or similar functions, throughout. The embodiments described below with reference to the drawings are exemplary, serve only to explain the present invention, and are not to be construed as limiting it.
The main idea of the present invention is that, when a router marks a packet, the marking probability is associated with the hop count information of the packet: the router selects the marking probability according to the hop count information and marks the packet with the selected probability, where the more router hops the packet has traversed, the lower the marking probability the relay router selects. Compared with the prior art, which marks with a fixed probability, this greatly optimizes the choice of probability, so that the mark content of every router on the packet's path appears with the same probability in the packets received by the destination host.
Fig. 1 is a schematic diagram of marking probability selection according to an embodiment of the invention. An attacking host launches an attack through first-hop router A. First-hop router A is farthest from destination host D and has the highest marking probability; in the present invention this may be 100%, i.e. it always marks. The marking probabilities of relay routers B and C are 50% and 1/3 respectively. Because the mark of a later router overwrites the mark of an earlier one, the marks of first-hop router A and of relay routers B and C each reach destination host D with the same probability among the packets it receives, so destination host D can quickly reconstruct the attack path from a plurality of received packets.
In a preferred embodiment of the invention, to defend against marks forged by the attacker, after receiving a packet sent from the access network the first-hop router sets the hop count information of the packet to a uniform preset value and marks the packet with 100% probability, which effectively defends against forged marks. In a further preferred embodiment, the TTL (Time To Live) value of the packet is modified and used to represent the hop count information; every router updates the TTL value when forwarding the packet, for example by decrementing or incrementing it by 1. In one embodiment of the invention, after receiving the packet, each router computes the number of router hops the packet has traversed from the initial value and the current value of the TTL. Then, after decrementing the TTL value in the packet, the router discards the packet if the TTL value is 0 or less.
Embodiments of the invention are applicable not only to IPv4 networks but also to IPv6 networks, and networks that evolve in the future should also adopt the invention.
Fig. 2 is a flow chart of the probabilistic packet marking method of an embodiment of the invention. Each relay router uses this method to select a marking probability and mark packets. The method comprises the following steps:
Step S201: the relay router receives a packet that includes hop count information for the route the packet has traversed. The packet is sent by the first-hop router or by the previous-hop router and carries hop count information, which can be embodied in the packet in various ways: for example, the TTL value in the packet can serve as hop count information; those skilled in the art may equally use other values in the packet as hop count information, or add a dedicated hop count field to the packet to record the hops it has traversed. The router can compute from this hop count information how many router hops the packet has traversed. Embodiments of the invention may compute the hop count in various ways; in a preferred embodiment, when the packet first enters the first-hop router, the first-hop router sets the hop count information of the packet, preferably setting the TTL value in the packet to a uniform preset value, and every router updates this TTL value when forwarding the packet, so that each router can obtain the packet's hop count from the preset value and the current TTL value.
Step S202: the relay router determines the marking probability according to the hop count information, marks the packet with the determined marking probability, and updates the hop count information of the packet when forwarding it. The more router hops the packet has traversed, the lower the marking probability the relay router selects. Preferably, in one embodiment of the invention, the relay router uses the reciprocal of the number of router hops the packet has traversed as the marking probability. The mark content may be the address information of the router and may also include distance information between routers; the mark content can take many forms. Those skilled in the art may compute the marking probability in other ways, but any marking probability selected according to the idea of the invention described above falls within its scope of protection. Fig. 3 is a schematic diagram of the router implementation algorithm of an embodiment of the invention, in which t is the TTL value of the packet, t_u is the uniform initial TTL value, and h is the number of hops the router infers the packet has been forwarded. For example, t_u is selected in the range 64-256, preferably 128; in embodiments of the invention t_u need only be a sufficiently large value, so that the packet is discarded once its TTL value reaches 0 or less. The router marks the packet with probability 1/h; therefore a packet that has been forwarded fewer hops is marked with higher probability, and a packet that has been forwarded more hops is marked with lower probability.
The invention also proposes a relay router; Fig. 4 is a structural diagram of the relay router of an embodiment of the invention. Relay router 100 comprises packet receiving module 110 and marking module 120. Packet receiving module 110 receives a packet that includes hop count information for the route the packet has traversed. Marking module 120 determines the marking probability according to the hop count information and marks the packet with the determined marking probability, where the more router hops the packet has traversed, the lower the marking probability the relay router selects. In a preferred embodiment of the invention, the TTL value in the packet is selected as the hop count information. In another preferred embodiment, marking module 120 uses the reciprocal of the number of router hops the packet has traversed as the marking probability.
In one embodiment of the invention, relay router 100 further comprises update module 130 for updating the TTL value when forwarding the packet.
In one embodiment of the invention, relay router 100 further comprises judging module 140 and discarding module 150. Judging module 140 judges, after update module 130 has decremented the TTL value in the packet by 1, whether the TTL value is 0 or less. Discarding module 150 discards the packet when judging module 140 determines that the TTL value is 0 or less.
Fig. 5 is a flow chart of the attack source tracing method of an embodiment of the invention. The method not only traces the attack source and reconstructs the attack path quickly and accurately, but also defends against marks forged by the attacker, further improving the accuracy of reconstruction. The method comprises the following steps:
Step S501: the first-hop router receives a packet from the access network, sets the hop count information in the packet to a preset value, and marks the packet. In one embodiment of the invention, the first-hop router may be configured, for example by configuring the router port connected to the access network, so that it knows it is the first-hop router of that access network. On this port, for every packet sent from the access network, the router sets the hop count information of the packet to a uniform preset value and marks the packet with 100% probability, which effectively defends against marks forged by the attacker. In one embodiment of the invention, the TTL value of the packet is selected as the hop count information, and the router can compute the number of router hops the packet has traversed from the initial and current values of the TTL; after receiving a packet from the access network, the router sets the packet's TTL value to a preset value, for example uniformly to 128, and decrements the TTL value by 1.
In embodiments of the invention, as the packet is forwarded by routers through the network, each router decrements the TTL value by 1 and discards the packet if the decremented TTL value is 0 or less. Therefore, in the present invention, the number of hops the packet has been forwarded in the network can be associated with its TTL value.
In addition, different operating systems and different protocols set different initial TTL values on packets, and the initial TTL value of an operating system can be modified (for example through the registry on Windows, or through configuration files on Linux and Unix), so an attacker could forge different initial TTL values. For this reason, in embodiments of the invention the first-hop router sets the TTL field of all packets entering from the access network to a uniform value.
Step S502: a relay router receives the packet sent by the first-hop router or by the previous relay router, determines the marking probability according to the hop count information in the packet, and marks the packet with the determined marking probability, where the more router hops the packet has traversed, the lower the marking probability the relay router selects. Every relay router updates the hop count information when forwarding the packet, for example by decrementing the TTL value by 1. Preferably, in one embodiment of the invention, the relay router uses the reciprocal of the number of router hops the packet has traversed as the marking probability.
Step S503: the destination host receives a plurality of packets sent by the last relay router and traces the attack source according to the mark content in the received packets.
In a preferred embodiment of the invention, the relay router decrements the TTL value by 1 and discards the packet if the decremented TTL value is 0 or less.
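As an added illustration (not code from the patent), the following Python simulation implements the TTL-based scheme of steps S501 to S503 together with the 1/h rule of Fig. 3 and step S202: the first-hop router resets the TTL to t_u = 128 and always marks, each relay router infers h from the TTL and marks with probability 1/h, the packet is discarded when the TTL reaches 0, and the destination rebuilds the path from the collected marks. The hop formula h = t_u - t + 1, the (address, h) mark layout, the router addresses and the forged attacker values are assumptions made for the example.

```python
"""Added example: simulation of the TTL-based probabilistic packet marking scheme."""
import random
from collections import Counter
from fractions import Fraction

T_U = 128  # uniform initial TTL t_u written by the first-hop router (the page prefers 128)


def hops_from_ttl(ttl, t_u=T_U):
    """Infer h, the hop position of the current router, from the TTL on arrival.
    Assumption: the first-hop router sees ttl == t_u and is hop 1, the next
    router sees t_u - 1 and is hop 2, and so on."""
    return t_u - ttl + 1


class Router:
    """A router that is either the first-hop router of an access network or a relay."""

    def __init__(self, address, first_hop=False):
        self.address = address
        self.first_hop = first_hop

    def forward(self, pkt, rng=None):
        """Mark and forward one packet (a dict with 'ttl' and 'mark').
        Returns the forwarded packet, or None if it was discarded."""
        rng = rng or random
        if self.first_hop:
            # Step S501: ignore whatever initial TTL the sender chose and reset it.
            pkt["ttl"] = T_U
        h = hops_from_ttl(pkt["ttl"])
        # Fig. 3: mark with probability 1/h; the first hop always marks (h == 1).
        p = 1.0 if self.first_hop else 1.0 / h
        if rng.random() < p:
            # Mark content: router address plus its distance h. A later mark
            # overwrites an earlier one, so the first hop also overwrites any forged mark.
            pkt["mark"] = (self.address, h)
        pkt["ttl"] -= 1
        if pkt["ttl"] <= 0:
            return None  # judging module 140 / discarding module 150
        return pkt


def send(path, pkt, rng):
    """Push one packet through the routers of the path; None if dropped on the way."""
    for router in path:
        pkt = router.forward(pkt, rng)
        if pkt is None:
            return None
    return pkt


def reconstruct_path(received):
    """Step S503 at the destination: group marks by distance h, take the address seen
    most often at each distance, and order by h (first hop first)."""
    by_hop = {}
    for pkt in received:
        address, h = pkt["mark"]
        by_hop.setdefault(h, Counter())[address] += 1
    return [by_hop[h].most_common(1)[0][0] for h in sorted(by_hop)]


def mark_survival_probabilities(n):
    """Exact probability that the mark of router i (1-based) is the one the destination
    sees on a path of n routers marking with 1/h: every router gets exactly 1/n."""
    probs = []
    for i in range(1, n + 1):
        p = Fraction(1, i)
        for j in range(i + 1, n + 1):
            p *= 1 - Fraction(1, j)  # router j did not overwrite the mark
        probs.append(p)
    return probs


def simulate(n_packets=4000, seed=7):
    """Constructed attack: a host behind 10.0.0.1 sends packets with a forged initial
    TTL and a forged mark; returns the packets that reach the destination."""
    rng = random.Random(seed)
    path = [Router("10.0.0.1", first_hop=True),
            Router("10.0.0.2"), Router("10.0.0.3"), Router("10.0.0.4")]
    received = []
    for _ in range(n_packets):
        pkt = {"ttl": rng.choice([32, 64, 255]), "mark": ("192.0.2.99", 1)}
        out = send(path, pkt, rng)
        if out is not None:
            received.append(out)
    return received


if __name__ == "__main__":
    got = simulate()
    print("marks per router:", Counter(m["mark"][0] for m in got))
    print("reconstructed path:", reconstruct_path(got))
    print("analytic mark survival:", mark_survival_probabilities(4))
```

With four routers each mark reaches the destination in about a quarter of the packets, and the forged mark never survives the first hop.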
The invention also proposes an attack source tracing system; Fig. 6 is a structural diagram of the attack source tracing system of an embodiment of the invention. The system comprises at least one first-hop router 200, one or more relay routers 100, a destination host 300 and an attacking host 400. Attacking host 400 launches an attack on destination host 300 through first-hop router 200. First-hop router 200 receives packets from the access network, sets the hop count information in each packet to a preset value, marks the packet with 100% probability to defend against marks forged by the attacker, and updates the hop count information when forwarding the packet. Relay router 100 receives the packet sent by first-hop router 200 or by the previous relay router 100, determines the marking probability according to the hop count information in the packet, and marks the packet with the determined marking probability, where the more router hops the packet has traversed, the lower the marking probability relay router 100 selects; relay router 100 updates the hop count information when forwarding the packet. In one embodiment of the invention, relay router 100 uses the reciprocal of the number of router hops the packet has traversed as the marking probability.
Destination host 300 receives a plurality of packets sent by the last relay router 100 and traces the attack source according to the mark content in those packets. In a preferred embodiment of the invention, the TTL value in the packet serves as the hop count information, and relay router 100 computes the number of router hops the packet has been forwarded from the initial and current values of the TTL.
In one embodiment of the invention, relay router 100 also decrements the TTL value by 1 and discards the packet if the decremented TTL value is 0 or less.
Fig. 7 is a structural diagram of the first-hop router of an embodiment of the invention. First-hop router 200 comprises receiving module 210 and setting and marking module 220. Receiving module 210 receives packets from the access network. Setting and marking module 220 sets the hop count information of the packet to a preset value and marks the packet with 100% probability, thereby defending against marks forged by the attacker. In a preferred embodiment of the invention, the TTL value in the packet is the hop count information, and the router obtains the number of router hops the packet has been forwarded from the initial and current values of the TTL. It should be noted that a router occupies different positions on different attack paths: it may be the first-hop router for one path and a relay router for another. A router according to the invention may therefore have the functions of both first-hop router 200 (Fig. 7) and relay router 100 (Fig. 4) at the same time, with modules having the same function in the two merged; those skilled in the art will also understand that first-hop router 200 (Fig. 7) and relay router 100 (Fig. 4) can be implemented separately and independently, and all of these fall within the scope of protection of the invention.
In one embodiment of the invention, first-hop router 200 further comprises update module 230 for updating the TTL value when the first-hop router forwards the packet.
By associating the marking probability of a router with the hop count information of the packet, so that the more router hops the packet has traversed, the lower the marking probability the relay router selects, the invention optimizes the choice of marking probability, greatly improves the speed of attack path reconstruction, locates the attack source more quickly, and recovers the attack path more accurately.
In addition, in a preferred embodiment of the invention, after receiving a packet from the access network the first-hop router uniformly sets the hop count information in the packet to a preset value and marks the packet with 100% probability, which effectively defends against marks forged by the attacker and further improves the accuracy of the reconstructed attack path.
In addition, in another preferred embodiment of the invention, the TTL value in the packet is selected as the hop count information: after receiving a packet from the access network, the first-hop router uniformly sets the TTL value of the packet to a preset value, and every relay router updates this TTL value when forwarding the packet, for example by decrementing it by 1. In embodiments of the invention each router decrements the TTL value by 1 and discards the packet if the decremented TTL value is 0 or less.
Although embodiments of the invention have been illustrated and described, those of ordinary skill in the art will appreciate that various changes, modifications, substitutions and alterations may be made to these embodiments without departing from the principles and spirit of the invention, the scope of which is defined by the claims and their equivalents.

Claims (22)

1. a probabilistic packet marking method is characterized in that, may further comprise the steps:
Relay router receives packet, wherein, includes the jumping figure information of described packet process in the described packet; With
Described relay router is determined marking probability according to described jumping figure information, and with the described marking probability of determining described packet is carried out mark, and wherein, if the jumping figure of process is big more for described packet, the marking probability that then described relay router is selected is low more.
2. probabilistic packet marking method as claimed in claim 1 is characterized in that, also comprises:
When described packet entered first hop router, described first hop router was a preset value with the jumping figure information setting of described packet, and described first hop router upgrades described jumping figure information when transmitting described packet.
3. probabilistic packet marking method as claimed in claim 2, it is characterized in that, life span ttl value in the described packet is described jumping figure information, described first hop router described ttl value after receiving described packet is set to preset value, and described relay router is determined the described packet router hops of process according to described ttl value.
4. probabilistic packet marking method as claimed in claim 3 is characterized in that, also comprises:
Described relay router upgrades described ttl value when transmitting described packet.
5. probabilistic packet marking method as claimed in claim 3 is characterized in that, also comprises,
Described relay router is subtracting the ttl value in the described packet after 1, if described ttl value is 0 or littler, then with described data packet discarding.
6. probabilistic packet marking method as claimed in claim 1 is characterized in that, described relay router determines that according to described jumping figure information marking probability comprises:
Described relay router is with the inverse of the router hops of the described packet process probability that serves as a mark.
7. A router, characterized in that it comprises:
a packet receiving module, configured to receive a packet, the packet containing hop-count information on the routers the packet has traversed; and
a marking module, configured to determine a marking probability from the hop-count information and to mark the packet with the determined marking probability, wherein the larger the number of routers the packet has traversed, the lower the selected marking probability.
8. The router of claim 7, characterized in that the time-to-live (TTL) value in the packet is the hop-count information, and the router determines the number of routers the packet has traversed from the TTL value.
9. The router of claim 8, characterized in that it further comprises:
an update module, configured to update the TTL value when the packet is forwarded.
10. The router of claim 8, characterized in that it further comprises:
a judging module, configured to decrement the TTL value in the packet by 1 and then judge whether the TTL value is 0 or less; and
a discard module, configured to discard the packet when the judging module finds that the TTL value of the packet is 0 or less.
11. The router of claim 7, characterized in that the marking module uses the reciprocal of the number of hops the packet has traversed as the marking probability.
12. An attack source tracing method, characterized in that it comprises the following steps:
a first-hop router receives a packet from an access network, sets the hop-count information in the packet to a preset value, and marks the packet;
a relay router receives the packet sent by the first-hop router or by the previous relay router, determines a marking probability from the hop-count information in the packet, and marks the packet with the determined marking probability, wherein the larger the number of routers the packet has traversed, the lower the selected marking probability, and wherein the first-hop router and the relay router update the hop-count information when forwarding the packet; and
a destination host receives a plurality of marked packets and traces the attack source from the mark contents of the plurality of packets.
13. The attack source tracing method of claim 12, characterized in that the TTL value in the packet is the hop-count information, and the relay router determines the number of routers the packet has traversed from the TTL value.
14. The attack source tracing method of claim 13, characterized in that it further comprises: the relay router decrementing the TTL value in the packet by 1 and, if the TTL value is then 0 or less, discarding the packet.
15. The attack source tracing method of claim 13, characterized in that the relay router uses the reciprocal of the number of routers the packet has traversed as the marking probability.
16. An attack source tracing system, characterized in that it comprises:
at least one first-hop router, configured to receive a packet from an access network, set the hop-count information in the packet to a preset value, mark the packet, and update the hop-count information when forwarding the packet;
one or more relay routers, each configured to receive the packet sent by the first-hop router or by the previous relay router, determine a marking probability from the hop-count information in the packet, and mark the packet with the determined marking probability, wherein the larger the number of routers the packet has traversed, the lower the selected marking probability, and wherein the relay router updates the hop-count information when forwarding the packet; and
a destination host, configured to receive a plurality of marked packets and trace the attack source from the mark contents of the plurality of packets.
17. The attack source tracing system of claim 16, characterized in that the TTL value in the packet is the hop-count information, and the relay router determines the number of routers the packet has traversed from the TTL value.
18. The attack source tracing system of claim 17, characterized in that the relay router is further configured to decrement the TTL value in the packet by 1 and, if the TTL value is then 0 or less, discard the packet.
19. The attack source tracing system of claim 17, characterized in that the relay router uses the reciprocal of the number of routers the packet has traversed as the marking probability.
20. A router, characterized in that it comprises:
a receiving module, configured to receive a packet from an access network; and
a setting and marking module, configured to set the hop-count information in the packet to a preset value and to mark the packet.
21. The router of claim 20, characterized in that the TTL value in the packet is the hop-count information, and the router sets the TTL value to the preset value after receiving the packet.
22. The router of claim 21, characterized in that it further comprises:
an update module, configured to update the TTL value when the router forwards the packet.
CN201010192993A 2010-06-07 2010-06-07 Probabilistic packet marking and attack source tracing method, system and device Pending CN101873258A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010192993A CN101873258A (en) 2010-06-07 2010-06-07 Probabilistic packet marking and attack source tracing method, system and device

Publications (1)

Publication Number Publication Date
CN101873258A true CN101873258A (en) 2010-10-27

Family

ID=42997929

Country Status (1)

Country Link
CN (1) CN101873258A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1777182A (en) * 2005-12-06 2006-05-24 南京邮电大学 Efficient safety tracing scheme based on flooding attack
US20070206605A1 (en) * 2006-03-01 2007-09-06 New Jersey Institute Of Technology Autonomous System-Based Edge Marking (ASEM) For Internet Protocol (IP) Traceback

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
《信息技术》 (Information Technology), 2010-05-31, 刘竹 (Liu Zhu) et al., "Research on DDoS attack source tracing based on dynamic probabilistic packet marking", pp. 74-76, No. 5; relevant to claims 1-22; category 2 *
《计算机工程》 (Computer Engineering), 2008-04-30, 张立莉 (Zhang Lili) et al., "An improved probabilistic packet marking scheme", pp. 148-150, Vol. 34, No. 7; relevant to claims 1-22; category 2 *

Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102196481A (en) * 2011-06-07 2011-09-21 中兴通讯股份有限公司 Network status report method, detection method, device and system
CN102447694A (en) * 2011-11-03 2012-05-09 富春通信股份有限公司 IPv6 network false source address data packet tracking method and device
CN102447694B (en) * 2011-11-03 2014-10-15 富春通信股份有限公司 IPv6 network false source address data packet tracking method and device
CN102905338A (en) * 2012-10-11 2013-01-30 常州大学 Method for constructing relay paths of mobile nodes in wireless access network
CN103354539A (en) * 2012-11-29 2013-10-16 北京安天电子设备有限公司 Method and system for restoring attacking path based on IPv6 network features
CN103354539B (en) * 2012-11-29 2016-05-11 北京安天电子设备有限公司 A kind of attack path method of reducing and system based on IPv6 network characterization
CN105681276B (en) * 2015-12-25 2019-07-05 亿阳安全技术有限公司 A kind of sensitive information leakage actively monitoring and confirmation of responsibility method and apparatus
CN105681276A (en) * 2015-12-25 2016-06-15 亿阳安全技术有限公司 Sensitive information leakage active monitoring and responsibility confirmation method and device
CN105792212A (en) * 2016-02-29 2016-07-20 中南大学 Fair probability marking based trace tracking method in wireless sensor network
CN105792212B (en) * 2016-02-29 2019-01-04 中南大学 A kind of tracing method based on fair probabilistic packet marking in wireless sensor network
CN105656691A (en) * 2016-03-11 2016-06-08 中南大学 Marking method based on unequal probabilities during log and migration trace source tracking in wireless sensor network
CN105656691B (en) * 2016-03-11 2018-11-09 中南大学 Based on daily record and the unequal probability labeling method in migration tracing in wireless sensor network
WO2019132764A1 (en) * 2017-12-26 2019-07-04 Agency For Science, Technology And Research Tracing traffic in the internet
US11588833B2 (en) 2017-12-26 2023-02-21 Agency For Science, Technology And Research Tracing traffic in the internet
CN109120602A (en) * 2018-07-25 2019-01-01 中国人民公安大学 A kind of IPv6 attack source tracing method
CN109120602B (en) * 2018-07-25 2020-12-25 中国人民公安大学 IPv6 attack tracing method
CN110932971B (en) * 2019-05-23 2020-11-24 北京航空航天大学 Inter-domain path analysis method based on layer-by-layer reconstruction of request information
CN110932971A (en) * 2019-05-23 2020-03-27 北京航空航天大学 Inter-domain path analysis method based on layer-by-layer reconstruction of request information
CN112910851A (en) * 2021-01-16 2021-06-04 中国电子科技集团公司第十五研究所 Data packet marking and tracing device based on knowledge graph
CN112910851B (en) * 2021-01-16 2021-10-15 中国电子科技集团公司第十五研究所 Data packet marking and tracing device based on knowledge graph

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 2010-10-27