In recent years, DoS (Denial of Service) attack and more powerful DDoS (Distributed DoS) attack pose security problems on the Internet. As the measure to these attacks, it is important to trace attackers and stop the attacks. However, since information of the attacker is “spoofed”, it is difficult to trace. Therefore, the method of specifying attackers is required. Savage et al. proposed a method to trace flooding attacks by “marked” packets. This method, however, has some problems gathering the attack packets through a lot of hops. In this paper, we propose a method to solve this problem by observing the feature of attack traffic and change the “marking probability” of the routers. We implement algorithms both of our proposed method and extending marking method to estimate the efficiency of them. From the results of some experiments, we will conclude the effectiveness of our proposed scheme.
J-STAGEがリニューアルされました! https://www.jstage.jst.go.jp/browse/-char/ja/
