为了提高对分布式拒绝服务(DDoS)攻击源反向追踪的效率和准确度,提出了一个新算法,此算法在AMS(Advanced Marking Schemes)算法的基础之上与自治系统(AS)相结合,将路由器分成两类分别进行标记,从而减少了标记路由器的个数及被标记数据包的数目,提高了重构路径的效率和可靠性.理论分析及仿真结果证明,相对于AMS算法,新算法明显提高了IP反向追踪的性能.%In order to improve the efficiency and accuracy of traceback for DDoS attackers, a new scheme is presented. This scheme is based on advanced marking scheme (AMS), and it works with autonomous system(AS). Within each autonomous system, router is divided into two categories-border routers and internal routers. By different types of routers using different markers, then it consequently reduces the number of routers involved in marking and the number of marked packets, further improves the efficiency and reliability of the reconstruction of the path. Simulation results from the experiments show that obtained results are the same as theoretical results. Performance analysis and simulation experiment results shows, compared with the conventional methods, the new algorithm improves the performance of IP trace back technique obviously.
展开▼
