基于IPv6的概率包标记路径溯源方案

Attack source traceback scheme based on probabilistic packet marking for IPv6 network

针对现有IPv6路由追踪技术匮乏,以及IPv4路由追踪技术不能直接移植到IPv6网络环境中的问题,根据IPv6的自身特点,提出了一种基于概率包标记的IPv6攻击源追踪方案。该方案在原有IPv4概率包标记方法的基础上进行了有效的改进,重新规划标记区域,分别在IPv6的基本报头和扩展报头上划分合适的标识域和信息域,既解决标记空间不足的问题,又能规范标记信息的存放秩序;采用动态标记概率,区分对待未标记数据包和已标记数据包,解决标记信息覆盖问题,同时,优化标记算法,实现IPv6网络环境下路径追踪的快速、准确。理论分析与实验结果表明,该方案能有效追踪攻击源,且效果优于原IPv4追踪技术。

There are few existing IP traceback technologies for IPv6 networks and most IP traceback technologies for IPv4 networks can not be applied to IPv6 without any change. This paper proposes an IPv6 attack source traceback scheme based on probabilistic packet marking according to the features of IPv6. It improves traceback method based on the original IPv4 traceback technology. It selects new marking area, designs identify area and information area which exist in IPv6 basic header and extension header. In this way, it not only solves the problem of insufficient marking space, but also regulates marking information. It uses dynamic marking probability, distinguishing between untagged packets and tagged packets to solve the problem of repeat marking. At the same time, it improves marking algorithm, making IP traceback in IPv6 networks faster and more accurate. Theoretic analysis and simulation results prove that it can find attack source effectively and is more useful than original IPv4 traceback technology.