基于iTrace_v6的IPv6网络攻击溯源研究

IPv6 Network Attack Source Tracing Method Based on iTrace_v6

网络攻击追踪溯源技术作为一种主动的安全防御反制技术,是信息安全技术体系中应急响应的重要技术手段。IPv4网络的网络攻击溯源技术已有大量的研究成果,但由于路由器算力有限、对链路负面影响较大、日志系统部署困难等因素,一些溯源技术只能停滞在实验验证阶段;已成型的一些网络攻击回溯系统也存在着存储开销大、需要较多人工干预等方面的缺陷;在IPv6网络中,IP数据报格式、路由协议等发生了较大的改变,并且新出现的邻居发现协议等使得网络攻击手段更加多样,IPv6网络迫切需要高效稳定的网络攻击溯源方法。结合IPv6网络的特点,文章提出了一种基于iTrace_v6的IPv6网络攻击溯源方案,通过双重触发机制提高溯源包生成的效率,能够在显著减少对攻击持续时间依赖的情况下完成攻击路径的还原,通过区间阈值的使用来避免对网络链路的负面影响。基于NS3的仿真网络实验表明,本文算法性能优于已有的算法。

Network attack traceback technology,as an active security defense countermeasure technology,is an important technical means for emergency response in the information security technology system.Network attack traceability technology for IPv4 networks has a lot of research results,but due to the limited computing power of routers,some factors have a large negative impact on the link,and the log system is difficult to deploy.Some source tracing technologies can only stagnate in the experimental verification stage.Some established network attack retrospective systems also have shortcomings such as large storage overhead and requiring more manual intervention.In IPv6 networks,IP datagram formats,routing protocols,etc.have undergone major changes,and the emergence of new neighbor discovery protocols has made network attack methods more diverse.IPv6 networks urgently need efficient and stable methods for tracing the source of network attacks.Combining the characteristics of IPv6 networks,this paper proposes an IPv6 network attack traceability solution based on iTrace_v6,which improves the efficiency of generating traceability packets through a dual trigger mechanism.It can complete the restoration of the attack path while significantly reducing the dependence on attack duration.The use of thresholds to avoid the negative impact on the network link.The simulation of the network based on NS3 shows that iTrace_v6 has better performance than the existing algorithms.