关键词: IPv6 DDoS 源追踪 SPIE

Abstract:

IP traceback technologies judge the real locations of attacks and they can facilitate stopping on-going attacks. The current IP traceback technologies log the address of routers the packet passed by overloading the 16-bit IP Identification field used for fragmentation in the IPv4 header and they can not be applied to IPv6. In this paper, a new IP traceback scheme based on the improved SPIE in IPv6 is given, which logs audit trails for traffic within   the network by the Bloom filters. In addition to reducing the storage requirements,storing digests preserves traffic confidentiality. It is suitable for IP traceback in DDoS attacks together with tracing a single packet.

Key words: IPv6, DDoS, IP traceback, SPIE