Title :
A trust-based approach against IP-spoofing attacks
Author :
Gonzalez, Jesus M. ; Anwar, Mohd ; Joshi, James B D
Author_Institution :
Grad. Program in Telecommun. & Networking, Univ. of Pittsburgh, Pittsburgh, PA, USA
Abstract :
IP-spoofing attacks remain one of the most damaging attacks in which an attacker replaces the original source IP address with a new one. Using the existing attacking tools to launch IP spoofing attacks, an attacker can now easily compromise access routers and not only the end-hosts. In this paper, we propose a trust-based approach using a Bayesian inference model that evaluates the trustworthiness of an access router with regards to forwarding packets without modifying their source IP address. The trust values for the access routers is computed by a judge router that samples all traffic being forwarded by the access routers. The simulation results show that our approach effectively detects malicious access routers. The results also show that our approach has a low impact on the network performance when no attack is present, and that it introduces little overhead traffic.
Keywords :
IP networks; belief networks; computer network security; inference mechanisms; telecommunication network routing; telecommunication traffic; Bayesian inference model; IP address; IP spoofing attacks; access routers; judge router; overhead traffic; packet forwarding; trust-based approach; trustworthiness evaluation; Delay; Filtering; Fires; IP networks; Monitoring; Probes; Routing protocols; Access Router; Autonomous System; Bayesian Inference; IP-spoofing; Trust;
Conference_Titel :
Privacy, Security and Trust (PST), 2011 Ninth Annual International Conference on
Conference_Location :
Montreal, QC
Print_ISBN :
978-1-4577-0582-3
DOI :
10.1109/PST.2011.5971965
