Cart (Loading....) | Create Account
Close category search window
 

On the use of Enhanced Bogon Lists (EBLs) to detect malicious traffic

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

4 Author(s)

Spoofed IP traffic (traffic containing packets with incorrect source IP addresses) is often used by Internet-based attackers for anonymity. This method reduces the risk of trace-back and avoids attack detection by traffic-based sensors. In general, attackers may use randomly or selectively chosen IP address space to serve as source IP addresses on attack packets. The IP address allocation process creates room for bogons as well as other prefix space that is either unallocated or semi-dark, i.e. allocated but not in operational use. In this paper, we detail novel techniques to construct filters that cover unallocated and semi-dark space. We then evaluate the use of such IP source prefix filters using efficient filtering techniques on an enterprise network and the correlations of such source IP addresses with malicious traffic or bad actors. Our initial results indicate that there is a high degree of correlation between dark or semi-dark source IP prefix space and malicious traffic. As such, it may be feasible for network operators to deploy effective filters based on dark or semi-dark source IP prefix space that block malicious traffic with a low degree of false positives. Further, the presence of such traffic can serve as an early warning of DoS or other attacks.

Published in:

Computing, Networking and Communications (ICNC), 2012 International Conference on

Date of Conference:

Jan. 30 2012-Feb. 2 2012

Need Help?


IEEE Advancing Technology for Humanity About IEEE Xplore | Contact | Help | Terms of Use | Nondiscrimination Policy | Site Map | Privacy & Opting Out of Cookies

A not-for-profit organization, IEEE is the world's largest professional association for the advancement of technology.
© Copyright 2014 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.