Detail publikace

Detecting IP-spoofing by modelling history of IP address entry points

Originální název

Detecting IP-spoofing by modelling history of IP address entry points

Anglický název

Detecting IP-spoofing by modelling history of IP address entry points

Jazyk

en

Originální abstrakt

Since most of the networks do not apply source IP filtering rules to its outgoing traffic an attacker may insert an arbitrary source IP address in an outgoing packet, so called IP-spoofing. This paper elaborates on a possibility to detect IP spoofing in networks with more than one entry point. A novel detection scheme is proposed. It is based on an analysis of NetFlow data collected at the entry points.The scheme assumes that the network traffic originating from a certain source network enters the observed network via relatively stable set of points which is lower than the total number of entry points. The scheme has been tested on data from a real network.

Anglický abstrakt

Since most of the networks do not apply source IP filtering rules to its outgoing traffic an attacker may insert an arbitrary source IP address in an outgoing packet, so called IP-spoofing. This paper elaborates on a possibility to detect IP spoofing in networks with more than one entry point. A novel detection scheme is proposed. It is based on an analysis of NetFlow data collected at the entry points.The scheme assumes that the network traffic originating from a certain source network enters the observed network via relatively stable set of points which is lower than the total number of entry points. The scheme has been tested on data from a real network.

BibTex


@inproceedings{BUT103465,
  author="Michal {Kováčik} and Michal {Kajan} and Martin {Žádník}",
  title="Detecting IP-spoofing by modelling history of IP address entry points",
  annote="Since most of the networks do not apply source IP filtering rules to its outgoing
traffic an attacker may insert an arbitrary source IP address in an outgoing
packet, so called IP-spoofing.
This paper elaborates on a possibility to detect IP spoofing in networks with
more than one entry point. A novel detection scheme is proposed. It is based on
an analysis of NetFlow data collected at the entry points.The scheme assumes that
the network traffic originating from a certain source network enters the observed
network via relatively stable set of points which is lower than the total number
of entry points.
The scheme has been tested on data from a real network.",
  address="Springer Verlag",
  booktitle="Emerging Management Mechanisms for the Future Internet",
  chapter="103465",
  doi="10.1007/978-3-642-38998-6_9",
  edition="Lecture Notes in Computer Science",
  howpublished="print",
  institution="Springer Verlag",
  number="06",
  year="2013",
  month="june",
  pages="73--83",
  publisher="Springer Verlag",
  type="conference paper"
}