基于iTrace_v6的IPv6网络攻击溯源研究

doi:10.3969/j.issn.1671-1122.2020.03.011

摘要/Abstract

摘要：

网络攻击追踪溯源技术作为一种主动的安全防御反制技术,是信息安全技术体系中应急响应的重要技术手段。IPv4网络的网络攻击溯源技术已有大量的研究成果,但由于路由器算力有限、对链路负面影响较大、日志系统部署困难等因素,一些溯源技术只能停滞在实验验证阶段;已成型的一些网络攻击回溯系统也存在着存储开销大、需要较多人工干预等方面的缺陷;在IPv6网络中,IP数据报格式、路由协议等发生了较大的改变,并且新出现的邻居发现协议等使得网络攻击手段更加多样,IPv6网络迫切需要高效稳定的网络攻击溯源方法。结合IPv6网络的特点,文章提出了一种基于iTrace_v6的IPv6网络攻击溯源方案,通过双重触发机制提高溯源包生成的效率,能够在显著减少对攻击持续时间依赖的情况下完成攻击路径的还原,通过区间阈值的使用来避免对网络链路的负面影响。基于NS3的仿真网络实验表明,本文算法性能优于已有的算法。

关键词: 溯源, 网络攻击, IPv6, iTrace_v6

Abstract:

Network attack traceback technology, as an active security defense countermeasure technology, is an important technical means for emergency response in the information security technology system. Network attack traceability technology for IPv4 networks has a lot of research results, but due to the limited computing power of routers, some factors have a large negative impact on the link, and the log system is difficult to deploy. Some source tracing technologies can only stagnate in the experimental verification stage. Some established network attack retrospective systems also have shortcomings such as large storage overhead and requiring more manual intervention. In IPv6 networks, IP datagram formats, routing protocols, etc. have undergone major changes, and the emergence of new neighbor discovery protocols has made network attack methods more diverse. IPv6 networks urgently need efficient and stable methods for tracing the source of network attacks. Combining the characteristics of IPv6 networks, this paper proposes an IPv6 network attack traceability solution based on iTrace_v6, which improves the efficiency of generating traceability packets through a dual trigger mechanism. It can complete the restoration of the attack path while significantly reducing the dependence on attack duration. The use of thresholds to avoid the negative impact on the network link. The simulation of the network based on NS3 shows that iTrace_v6 has better performance than the existing algorithms.

Key words: traceback, network attacks, IPv6, iTrace_v6

中图分类号:

TP309

王腾飞, 蔡满春, 芦天亮, 岳婷. 基于iTrace_v6的IPv6网络攻击溯源研究[J]. 信息网络安全, 2020, 20(3): 83-89.

WANG Tengfei, CAI Manchun, LU Tianliang, YUE Ting. IPv6 Network Attack Source Tracing Method Based on iTrace_v6[J]. Netinfo Security, 2020, 20(3): 83-89.

图/表 10

图1

图2

图3

图4

图5

图6

图7

表1

表2

表3

参考文献 20

[1]	SANDERS C, SMITH J.Applied Network Security Monitoring: Collection, Detection, and Analysis[M]. New York: Syngress Publishing, 2013.
[2]	CHEN Zhouguo, PU Shi, ZHU Shixiong.General Traceback Technical Framework for Internet.[J] Computer Systems & Applications, 2012, 21(9): 166-170.
	陈周国,蒲石,祝世雄.一种通用的互联网追踪溯源技术框架[J].计算机系统应用,2012,21(9):166-170.
[3]	CHEN Zhouguo, PU Shi, ZHU Shixiong.Levels Analysis of Network Attack Traceback.[J] Computer Systems & Applications, 2014, 23(1): 1-7.
	陈周国,蒲石,祝世雄.网络攻击追踪溯源层次分析[J].计算机系统应用,2014,23(1):1-7.
[4]	ALENEZI M, REED M J.IP Traceback Methodologies[C]// IEEE . 2011 3rd Computer Science and Electronic Engineering Conference (CEEC), July 13-14,2011, Colchester, UK. New York:IEEE, 2011: 98-102.
[5]	BELLOVIN S. ICMP Traceback Message[EB/OL]. , 2019-9-15.
[6]	BABA T, MATSUDA S.Tracing Network Attacks to Their Sources[J]. IEEE Internet Computing, 2002, 6(2): 1-26.
[7]	FENG Bo, GUO Fan, TAN Suwen.Attack Source Traceback Scheme Based on Probabilistic Packet Marking for IPv6 Network[J]. Computer Engineering and Applications, 2016, 52(6): 102-106.
	冯波,郭帆,谭素雯.基于IPv6的概率包标记路径溯源方案[J].计算机工程与应用, 2016, 52(6):102-106.
[8]	ZHU Tian, TIAN Ye, MA Di, et al.Packet Verification Based Traceback Method for IPv6 Translation Mechanism[J]. Journal of Computer Applications, 2013, 33(4): 926-930.
	朱田,田野,马迪,等.基于包验证的面向IPv6翻译机制的IP追溯方法[J].计算机应用, 2013, 33(4):926-930.
[9]	YANG M, YANG M.RIHT: A Novel Hybrid IP Traceback Scheme[J]. IEEE Transactions on Information Forensics and Security, 2012, 7(2): 789-797.
[10]	SINGH K, SINGH P, KUMAR K, et al.A Systematic Review of IP Traceback Schemes for Denial of Service Attacks[J]. Computers & Security, 2016, 25(8): 111-139.
[11]	MANKIN A, MASSEY D, WU ChienLung, et al. On Design and Evaluation of Intention-Driven ICMP Traceback[C]// IEEE. Proceedings Tenth International Conference on Computer Communications and Networks, October 15-17, 2002, Scottsdale, AZ, USA. New York:IEEE, 2002: 3-28.
[12]	SAURABH S, SAIRAM A S.ICMP based IP Traceback with Negligible Overhead for Highly Distributed Reflector Attack Using Bloom Filters[J]. Computer Communications, 2014, 42(2): 60-69.
[13]	GAO Z.Tracing Cyber Attacks from the Practical Perspective[J]. IEEE Communications Magazine, 2005, 43(5): 123-131.
[14]	MURUGESAN V, SHALINIE M, YANG M H.Design and Analysis of Hybrid Single Packet IP Traceback Scheme[J]. Iet Networks, 2018, 7(3): 141-151.
[15]	CARPENTER B. Transmission and Processing of IPv6 Extension Headers [EB/OL].,2019-9-15.
[16]	MANDHAR V, RANGA V. IP Traceback Schemes for DDoS Attack[EB/OL]. , 2019-9-15.
[17]	KAMALDEEP K, MALIK M, DUTTA M.Implementation of single-Packet Hybrid IP Traceback for IPv4 and IPv6 Networks[J]. IET Information Security, 2018, 12(1): 1-6.
[18]	PARASHAR A, RADHAKRISHNAN R. Improved Deterministic Packet Marking Algorithm for IPv6 Traceback[EB/OL]. , 2019-9-15.
[19]	YIM H B , JUNG J I . IP Traceback Algorithm for DoS/DDoS Attack[EB/OL]. , 2019-9-15.
[20]	LU Ning, WANG Shangguang, LI Feng, et al.Dynamically Scalable and Efficient Approach for Single-Packet Traceback[J]. Journal of Software, 2018, 29(11): 320-340.
	鲁宁,王尚广,李峰.可动态扩展的高效单包溯源方法[J].软件学报, 2018, 29(11):320-340.

路由器跳数	iTrace_v6算法	AMS算法	改进的AMS算法
路由器跳数	溯源包	标记包	标记包
1	1	151	16
2	2	199	18
3	3	301	18
4	5	348	26
5	7	407	28
6	9	450	36
7	12	497	48
8	14	522	56
9	15	548	70
10	48	612	78

溯源模式	路由器跳数	经过路由器的包的个数	溯源标记或者溯源包个数
iTrace_v6 算法	第1跳	N	N_P
	第2跳	N(1+p)	Np(1+p)
	第3跳	N(1+p)²	Np(1+p)²
	…	…	…
	第d跳	N(1+p)^d^-1	Np(1+p)^d^-1
AMS 算法	第1跳	N	N_P
	第2跳	N	N_P
	第3跳	N	N_P
	…	…	…
	第d跳	N	N_P

	Delay sum/s	Jitter sum/s	Rx-packets/个	Mean delay/s	Mean jitter/s
无溯源	6560	38.9	6850	0.9576	0.0056
1%取样率	6500	38.5	6788	0.9575	0.0056
5%取样率	6614	37.21	5374	1.1446	0.0069