InFilter: Predictive Ingress Filtering to Detect Spoofed IP Traffic

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Abhrajit Ghosh Articles by Larry Wong Articles by Giovanni Di Crescenzo Articles by Rajesh Talpade

Second International Workshop on Security in Distributed Computing Systems (SDCS) (ICDCSW'05)

Columbus, Ohio, USA

June 06-June 10

ISBN: 0-7695-2328-5

	ASCII Text	x
	Abhrajit Ghosh, Larry Wong, Giovanni Di Crescenzo, Rajesh Talpade, "InFilter: Predictive Ingress Filtering to Detect Spoofed IP Traffic," Distributed Computing Systems Workshops, International Conference on, vol. 2, pp. 99-106, Second International Workshop on Security in Distributed Computing Systems (SDCS) (ICDCSW'05), 2005.

	BibTex	x
	@article{ 10.1109/ICDCSW.2005.78, author = {Abhrajit Ghosh and Larry Wong and Giovanni Di Crescenzo and Rajesh Talpade}, title = {InFilter: Predictive Ingress Filtering to Detect Spoofed IP Traffic}, journal ={Distributed Computing Systems Workshops, International Conference on}, volume = {2}, year = {2005}, issn = {1545-0678}, pages = {99-106}, doi = {http://doi.ieeecomputersociety.org/10.1109/ICDCSW.2005.78}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Distributed Computing Systems Workshops, International Conference on TI - InFilter: Predictive Ingress Filtering to Detect Spoofed IP Traffic SN - 1545-0678 SP99 EP106 A1 - Abhrajit Ghosh, A1 - Larry Wong, A1 - Giovanni Di Crescenzo, A1 - Rajesh Talpade, PY - 2005 KW - null VL - 2 JA - Distributed Computing Systems Workshops, International Conference on ER -

Abhrajit Ghosh, Telcordia Technologies, Inc.

Larry Wong, Telcordia Technologies, Inc.

Giovanni Di Crescenzo, Telcordia Technologies, Inc.

Rajesh Talpade, Telcordia Technologies, Inc.

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ICDCSW.2005.78

Cyber-attackers often use incorrect source IP addresses in attack packets (spoofed IP packets) to achieve anonymity, reduce the risk of trace-back and avoid detection. We present the predictive ingress filtering (InFilter) approach for network-based detection of spoofed IP packets near cyber-attack targets. Our InFilter hypothesis states that traffic entering an IP network from a specific source frequently uses the same ingress point. We have empirically validated this hypothesis by analysis of trace-routes to 20 Internet targets from 24 Looking-Glass sites, and 30-days of Border Gateway Protocol-derived path information for the same 20 targets. We have developed a system architecture and software implementation based on the InFilter approach that can be used at Border Routers of large IP networks to detect spoofed IP traffic. Our implementation had a detection rate of about 80% and a false positive rate of about 2% in testbed experiments using Internet traffic and real cyber-attacks.

Citation:

Abhrajit Ghosh, Larry Wong, Giovanni Di Crescenzo, Rajesh Talpade, "InFilter: Predictive Ingress Filtering to Detect Spoofed IP Traffic," icdcsw, vol. 2, pp.99-106, Second International Workshop on Security in Distributed Computing Systems (SDCS) (ICDCSW'05), 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.