By Topic

A deployable approach for inter-AS anti-spoofing

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Bingyang Liu ; Network Research Center, Tsinghua University, Beijing 100084, PRC, Department of Computer Science, Tsinghua University, Tsinghua National Laboratory for Information Science and Technology (TNList) ; Jun Bi ; Yu Zhu

Filtering IP packets with spoofed source addresses not only improves network security, but also helps with network diagnosis and management. Compared with filtering spoofing packets at the edge of network which involves high deployment and maintenance cost, filtering at autonomous system (AS) borders is more cost-effective. Inter-AS anti-spoofing, as its name suggests, is implemented on AS border routers to filter spoofing packets before their entering or leaving an AS. Existing inter-AS anti-spoofing approaches focus on filtering efficiency, but lacks of deployability. In this paper we first introduce three properties of a deployable inter-AS anti-spoofing approach, incremental deployability, high deployment incentives and low deployment cost. Then we propose DIA, the first inter-AS anti-spoofing approach meeting the three properties. We present the design of DIA and evaluate its deployability with real Internet data. The evaluation results show that DIA provides high deployment incentives for Internet Service Providers by significantly mitigating spoofing based denial of service attacks. Our implementation proves that DIA can be easily implemented in commodity routers and minimize the deployment cost.

Published in:

2011 19th IEEE International Conference on Network Protocols

Date of Conference:

17-20 Oct. 2011