A new proactive defense model based on intrusion deception and traceback

Abstract

Along with the fast development of the Internet, the traditional passive defense measures have shortcomings and can not deal with the increasingly serious network security problems better. In this paper, a proactive network defense scheme is presented. And a new model of DTPM (Intrusion Deception and Traceback-based Proactive Defense Model) is established, which protects the precious network resources with the cooperation of intrusion deception and traceback. In the traceback module of DTPM, an improved approach APPM based on the PPM (Probabilistic Packet Marking) is developed, which makes up for the deficiency of the PPM in real-time capability and flexibility. By way of analyzing and comparing with other methods, this approach can decrease the overloads of many aspects and make traceback more efficient. The simulation experiment indicates the high performance and efficiency of this scheme. © 2008 Springer-Verlag Berlin Heidelberg.