摘要： 为了改进概率包标记方案的性能，提出两个能追踪大规模拒绝服务攻击可变概率包标记方案。采用可变概率标记，可识别和排除攻击者虚假标记信息。通过在路由器中记录IP地址发送状态，对包分片进行有序发送，降低了受害者重构路径时所需接收包的数量。

关键词: IP包追踪, 网络安全, 包标记

Abstract: The paper proposes two schemes which enhances the performance of PPM in following aspects. Because of ingenious design, the schemes can be used to tackle large-scale DDoS. And due to adopting varational probabilistic packet marking, they can recognize and eliminate spoofed marking inscribed by the attacker intentionally. By recording the state of IP address transmission in router and transmiting the packets fragments in order, the schemes can significantly reduce the number of packets required for path reconstruction.

Key words: IP traceback, network security, packet marking

中图分类号: 

• TP18