According to the FMS marking idea and using cryptographic digital signature, a self-adaptive hash digital signature marking scheme AHSM is designed, which means that the routers that the packet passed by will give a hash digital signature with a variable probability. Using hash digital signatures, the signature processing speed is fast, false positive is low and the over head of reconstruction attack path is low. It makes the IP address anti-tampered, and makes the user non-deniable. Furthermore it can effectively defend against routers being tampered. With a variable probability, it will take fewer packets to reconstruct the attack path, thus the victim could respond to attack more promptly.%依据FMS标记思想,结合密码学的数字签名方法,设计了自适应hash签名标记方案AHSM.该方案是在包经过的路由器处,路由器按一个变化的概率对包进行hash签名.采用hash签名,签名速度快、误报率低、重构开销小,实现了IP地址的防篡改和发送者的不可否认,能有效地防止路由器假冒.采用变化的概率,可以减少受害者重构攻击路径时所需的数据包数,提高了追踪速度.
展开▼