• DocumentCode
    3592709
  • Title

    Intrusion Detection System with packet filtering for IP Spoofing

  • Author

    Manusankar, C. ; Karthik, S. ; Rajendran, T.

  • Author_Institution
    Dept. of CSE, SNS Coll. of Technol., Coimbatore, India
  • fYear
    2010
  • Firstpage
    563
  • Lastpage
    567
  • Abstract
    IP Spoofing is a problem without an easy solution, since it´s inherent to the design of the TCP/IP suite. Understanding how and why spoofing attacks are used, combined with a few simple prevention methods, can help protect your network from these malicious cloaking and cracking techniques.. Intrusion Detection System (IDS) has been used to secure these environments for sharing their data over network and host based IDS approaches. The rapid improvements of intrusions in internet and other networks are the main factors responsible for the propagation of different threats and vulnerabilities in the computing environment. Now a days the Ids makes use of the signature based detection approach which detects the actions based on analyzing the patterns such as text, password, time etc. So this will create difficulties in updating information and detecting unknown attacks. In this paper we make use of an improved EADS (Exception Agent Detection System) for making the header information secure. Packet filtering is one defense against IP spoofing attacks. The gateway to a network usually performs ingress filtering, which is blocking of packets from outside the network with a source address inside the network. This prevents an outside attacker spoofing the address of an internal machine. Ideally the gateway would also perform egress filtering on outgoing packets, which is blocking of packets from inside the network with a source address that is not inside. This prevents an attacker within the network performing filtering from launching IP spoofing attacks against external machines. In this paper, we also propose an inter-domain packet_filter (IDPF) architecture that can mitigate the level of IP spoofing on the Interne together with the IDS. We establish the conditions under which the IDPF framework works correctly in that it does not discard packets with valid source addresses. In this paper we propose an improved behavioral method for combating the unknown threats other tha- the usual context and content scanning techniques.
  • Keywords
    IP networks; Internet; digital signatures; security of data; IP spoofing attack; Internet; TCP/IP network; content scanning techniques; cracking techniques; exception agent detection system; interdomain packet filter architecture; intrusion detection system; malicious cloaking; packet filtering; signature based detection; Computer architecture; Computer science; Educational institutions; Filtering; IP networks; Intrusion detection; Exception agent system; IP spoofing; Intrusion detection system; Local area network; packet filter;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Communication and Computational Intelligence (INCOCCI), 2010 International Conference on
  • Type

    conf

  • Filename
    5738791