关键词: IP反向追踪, 包标记, 评价与模拟, DDoS

Abstract: The most promising probabilistic packet marking (PPM) schemes were evaluated based on the basis of the received packet number required for reconstructing the attacking path, computation complexity and false positive etc. We construct a simulation environment via extending ns2, setting attacking topology and traffic, which can be used to evaluate and compare the effectiveness of different PPM schemes. The simulation approach can also be used to test the performing effects of different PPM schemes in large-scale DDoS attacks. Based on the evaluation and simulation results, several improvable aspects of PPM are proposed, which can increase real-time of IP traceback efficiently.

Key words: IP traceback, packet marking, evaluation and simulation, DDoS