In recent years, DoS (Denial of Service) attacks and more powerful DDoS (Distributed DoS) attacks have posed security problems on the Internet. For countermeasure to these attacks, it is important to trace attackers and stop the attacks. However, since information about the attackers is "spoofed," such attacks are difficult to trace. Therefore, a method of identifying attackers is required. Savage and colleagues proposed a method of tracing flooding attacks by using "marked" packets. This method, however, involves problems in gathering the attack packets through numerous hops. In this paper, we propose a method of resolving this problem by observing the features of the attack traffic and changing the "marking probability" in the routers. We implement algorithms of both our proposed method and the extended marking method to estimate their efficiency. The experimental results confirm the effectiveness of the proposed method.

• 出版日期2011-12