ICDCSW 2005, 2013 IEEE 33rd International Conference on Distributed Computing Systems Workshops
Columbus, Ohio, USA
June 6, 2005 to June 10, 2005
Abhrajit Ghosh, Telcordia Technologies, Inc.
Larry Wong, Telcordia Technologies, Inc.
Giovanni Di Crescenzo, Telcordia Technologies, Inc.
Rajesh Talpade, Telcordia Technologies, Inc.
Cyber-attackers often use incorrect source IP addresses in attack packets (spoofed IP packets) to achieve anonymity, reduce the risk of trace-back and avoid detection. We present the predictive ingress filtering (InFilter) approach for network-based detection of spoofed IP packets near cyber-attack targets. Our InFilter hypothesis states that traffic entering an IP network from a specific source frequently uses the same ingress point. We have empirically validated this hypothesis by analysis of traceroutes to 20 Internet targets from 24 Looking-Glass sites, and 30 days of Border Gateway Protocol-derived path information for the same 20 targets. We have developed a system architecture and software implementation based on the InFilter approach that can be used at Border Routers of large IP networks to detect spoofed IP traffic. Our implementation had a detection rate of about 80% and a false positive rate of about 2% in testbed experiments using Internet traffic and real cyber-attacks.
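A minimal sketch of the InFilter hypothesis as detection logic, added here as an illustration and not the authors' implementation: it learns which ingress point each source prefix normally uses and flags flows that arrive elsewhere. The /24 aggregation, the MIN_OBS threshold, the router names BR1 to BR3 and all flow records are assumptions constructed for the example (IPv4 only).

```python
import ipaddress
from collections import Counter, defaultdict

PREFIX_LEN = 24  # assumption: aggregate source addresses by /24
MIN_OBS = 3      # assumption: training flows needed before predicting

def prefix_of(src_ip):
    """Map a source address to its aggregation prefix."""
    return ipaddress.ip_network(f"{src_ip}/{PREFIX_LEN}", strict=False)

def learn(flows):
    """Build prefix -> Counter(ingress point) from (src_ip, ingress) records."""
    profile = defaultdict(Counter)
    for src_ip, ingress in flows:
        profile[prefix_of(src_ip)][ingress] += 1
    return profile

def classify(profile, src_ip, ingress):
    """Return 'expected', 'suspect' or 'unknown' for one observed flow."""
    seen = profile.get(prefix_of(src_ip))
    if seen is None or sum(seen.values()) < MIN_OBS:
        return "unknown"  # too little history to predict an ingress point
    # A prefix may legitimately use several ingress points; only an
    # ingress never seen for that prefix is treated as a spoofing signal.
    return "expected" if ingress in seen else "suspect"

# Constructed training flows: (source IP, border router where it entered).
TRAINING = [
    ("198.51.100.7", "BR1"), ("198.51.100.9", "BR1"), ("198.51.100.200", "BR1"),
    ("203.0.113.5", "BR2"), ("203.0.113.6", "BR2"), ("203.0.113.77", "BR3"),
    ("192.0.2.1", "BR3"),
]

# Constructed flows to score against the learned profile.
OBSERVED = [
    ("198.51.100.50", "BR1"),  # usual ingress for this prefix
    ("198.51.100.50", "BR3"),  # same prefix, unexpected ingress
    ("203.0.113.9", "BR3"),    # prefix with two known ingress points
    ("192.0.2.44", "BR1"),     # only one training flow for this prefix
]

def run_demo():
    profile = learn(TRAINING)
    return [classify(profile, ip, br) for ip, br in OBSERVED]

if __name__ == "__main__":
    for flow, verdict in zip(OBSERVED, run_demo()):
        print(flow, verdict)
```

The "unknown" verdict matters in practice: flagging every flow from a source without history would inflate the false positive rate rather than detect spoofing.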
Abhrajit Ghosh, Larry Wong, Giovanni Di Crescenzo, Rajesh Talpade, "InFilter: Predictive Ingress Filtering to Detect Spoofed IP Traffic", ICDCSW 2005, 2013 IEEE 33rd International Conference on Distributed Computing Systems Workshops, 2005, pp. 99-106, doi:10.1109/ICDCSW.2005.78