By Topic

InFilter: predictive ingress filtering to detect spoofed IP traffic

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

4 Author(s)

Cyber-attackers often use incorrect source IP addresses in attack packets (spoofed IP packets) to achieve anonymity, reduce the risk of trace-back and avoid detection. We present the predictive ingress filtering (InFilter) approach for network-based detection of spoofed IP packets near cyber-attack targets. Our InFilter hypothesis states that traffic entering an IP network from a specific source frequently uses the same ingress point. We have empirically validated this hypothesis by analysis of trace-routes to 20 Internet targets from 24 looking-glass sites, and 30-days of border gateway protocol-derived path information for the same 20 targets. We have developed a system architecture and software implementation based on the InFilter approach that can be used at border routers of large IP networks to detect spoofed IP traffic. Our implementation had a detection rate of about 80% and a false positive rate of about 2% in testbed experiments using Internet traffic and real cyber-attacks.

Published in:

Distributed Computing Systems Workshops, 2005. 25th IEEE International Conference on

Date of Conference:

6-10 June 2005