Round trip time to improve hop count filtering

Author

Mukaddam, Ayman ; Elhajj, Imad H.

Author_Institution

Fac. of Eng. & Archit., American Univ. of Beirut, Beirut, Lebanon

fYear

2012

fDate

28-29 May 2012

Firstpage

66

Lastpage

72

Abstract

Cyber attacks are a major threat to today´s Internet services. Most of these attacks utilize IP spoofing to conceal the actual source of the attack. In this paper, Hop Count Filtering (HCF), presented by Wang et al., is extended by utilizing both Round Trip Time (RTT) and Hop Count (HC) to detect IP spoofing where RTT calculation is possible. Based on one month traceroute data from 6 different sources to more than 380 destinations, an analysis is conducted to illustrate how the HC & RTT vary as seen by IPs in the same Autonomous System (AS) and same country, IPs in the same country but different AS, and IPs in different AS and different country. Results show that although IPs in the same AS have a high degree of similarity in terms of HC, the RTT can be used in conjunction with the HC to better differentiate between these IPs. RTT provides valuable information that would help improve the efficiency of HCF technique which solely relies on HC.

Keywords

IP networks; Internet; computer network security; AS; HCF technique; IP spoofing detection; Internet services; RTT calculation; autonomous system; cyber attacks; hop count filtering improvement; round trip time; Bandwidth; Computer crime; Filtering; IP networks; Probability; Probability density function; Receivers; Cyber Attacks; Hop Count; IP Spoofing; Round Trip Time;

fLanguage

English

Publisher

ieee

Conference_Titel

Broadband Networks and Fast Internet (RELABIRA), 2012 Symposium on

Conference_Location

Baabda

Print_ISBN

978-1-4673-2151-8

Electronic_ISBN

978-1-4673-2150-1

Type

conf

DOI

10.1109/RELABIRA.2012.6235096

Filename

6235096