Field of Invention
The present invention relates to the field of network communication, specifically, to a method and apparatus for tracing attack source in the case of abnormal network traffic.
Description of Related Arts
At present, the network-based attacks mostly take advantage of the limits of network resources and system resources or the imperfection of network protocols and authentication mechanisms themselves to launch a large-scale network attack in short time in order to consume the specific resources and attack the targets. The existing network security mechanisms including the intrusion detection system (IDS), firewall and virtual private network (VPN) as well as attack-tolerant techniques merely defense passively upon a network attack: for example, setting up a protection algorithms such as Random Drop, SYN Cookie, bandwidth restriction, or realizing linkage between IDS and firewall as well as analyzing attacks by technical experts, etc.
Most of the network security mechanisms as above work little. They can merely alleviate the network attacks rather than position the source of attack (that is, attack source). Thus, the network-based attacks have become a serious obstacle to current network information system. Moreover, the virtual nature of network itself causes very big difficulty upon enforcing laws.
As for the problems of related techniques as above, no effective solution has been put forward yet.