DocumentCode :
3295790
Title :
InFilter: predictive ingress filtering to detect spoofed IP traffic
Author :
Ghosh, Abhrajit ; Wong, Larry ; Di Crescenzo, Giovanni ; Talpade, Rajesh
fYear :
2005
fDate :
6-10 June 2005
Firstpage :
99
Lastpage :
106
Abstract :
Cyber-attackers often use incorrect source IP addresses in attack packets (spoofed IP packets) to achieve anonymity, reduce the risk of trace-back and avoid detection. We present the predictive ingress filtering (InFilter) approach for network-based detection of spoofed IP packets near cyber-attack targets. Our InFilter hypothesis states that traffic entering an IP network from a specific source frequently uses the same ingress point. We have empirically validated this hypothesis by analysis of trace-routes to 20 Internet targets from 24 looking-glass sites, and 30-days of border gateway protocol-derived path information for the same 20 targets. We have developed a system architecture and software implementation based on the InFilter approach that can be used at border routers of large IP networks to detect spoofed IP traffic. Our implementation had a detection rate of about 80% and a false positive rate of about 2% in testbed experiments using Internet traffic and real cyber-attacks.
Keywords :
IP networks; Internet; packet switching; routing protocols; telecommunication security; telecommunication traffic; IP network traffic; InFilter approach; Internet targets; border gateway protocol; border routers; cyber-attacks; looking-glass sites; network-based detection; predictive ingress filtering; spoofed IP packets; Computer architecture; Computer crime; IP networks; Information analysis; Information filtering; Information filters; Internet; Software systems; Telecommunication traffic; Testing;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Distributed Computing Systems Workshops, 2005. 25th IEEE International Conference on
Print_ISBN :
0-7695-2328-5
Type :
conf
DOI :
10.1109/ICDCSW.2005.78
Filename :
1437163