本篇論文主要是針對分散式阻絕服務攻擊提出的解決方案,由於目前的網路協定屬於IPv4架構,存在無法確認來源端的問題,且此種攻擊不易防禦進而威脅到商業主機營運。在Yaar等人提出的PI架構利用路徑編碼資訊來抵禦攻擊,藉由完整二元樹演算法(Complete Binary Tree)將網路架構進行編碼程序能夠獲得良好的效果,然而根據網路測量顯示出網路上的路由器有27%的網路卡超過2張,顯示PI架構無法滿足真實網路架構,接著Gao等人提出了Color架構來解決PI架構網路卡數之問題,尚有不足之處。因此本研究繼續藉由利用位元編碼(Bits-Encoding)方式對路由器的網路卡編碼成2位元來記錄路徑,其次藉由雜湊路徑上第一台路由器的網路卡獲得Path Signature (PS) Number資訊,經由此兩種觀念改變原有架構效能,除了滿足真實網路架構和改善路徑追蹤效能,也能夠對可能的攻擊路徑數目減少至最低。 In this paper,we present a solution for Distributed Denial of Service Attack. Owing to the insecurity design of IP Protocol,it could not identify source. And those online company might be threatened and lost a lot of money. Yaar presented PI scheme to use path-encoding information against the attack. It is good to proceed to encode internet framework with the complete binary tree. However,The CAIDA study show that only 27% interfaces is more than 2 interfaces. After that, Gao improved the problem of insufficient interfaces of PI scheme. But it is not enough for the scheme. By Bit-Encoding and PS-Number information ,We strengthen the above-mentioned schemes. It could either improve the efficiency of Traceback and decrease the possible of attack paths.
