Abstract :
The ipv6 security architecture, IPSec, plays a positive role in the protection of IPv6 networks. To some special attacks, especially DDoS attacks, IPSec appears relatively weak, because IPSec can only defend against DDoS attacks that spoof their source addresses. In cases where attackers launch DDoS attacks with their real identity, IPSec is helpless. This paper proposes a link signature based DDoS attacker tracing algorithm. It can immediately reconstruct the entire attack path after suffering a DDoS attack whether or not the source addresses are spoofed. To verify the validity of our algorithm, we implemented it under a simulated IPv6 environment with the OMNeT++ IPv6Suite.
Keywords :
IP networks; digital signatures; telecommunication security; IPv6 security architecture; OMNeT++; link signature based DDoS attacker tracing algorithm; Algorithm design and analysis; Asia; Communication system traffic control; Computer architecture; Computer crime; Computer science; Computer security; Internet; Protection; Protocols;
