InFilter: predictive ingress filtering to detect spoofed IP traffic
Cyber-attackers often use incorrect source IP addresses in attack packets (spoofed IP packets) to achieve anonymity, reduce the risk of trace-back and avoid detection. We present the predictive ingress filtering (InFilter) approach for network-based detection of spoofed IP packets near cyber-attack...
Main authors: | Ghosh, A. ; Wong, L. ; Di Crescenzo, G. ; Talpade, R. |
---|---|
Format: | Conference proceeding |
Language: | eng |
Subjects: | |
Online access: | Order full text |
container_end_page | 106 |
---|---|
container_issue | |
container_start_page | 99 |
container_title | |
container_volume | |
creator | Ghosh, A. ; Wong, L. ; Di Crescenzo, G. ; Talpade, R. |
description | Cyber-attackers often use incorrect source IP addresses in attack packets (spoofed IP packets) to achieve anonymity, reduce the risk of trace-back and avoid detection. We present the predictive ingress filtering (InFilter) approach for network-based detection of spoofed IP packets near cyber-attack targets. Our InFilter hypothesis states that traffic entering an IP network from a specific source frequently uses the same ingress point. We have empirically validated this hypothesis by analysis of trace-routes to 20 Internet targets from 24 looking-glass sites, and 30-days of border gateway protocol-derived path information for the same 20 targets. We have developed a system architecture and software implementation based on the InFilter approach that can be used at border routers of large IP networks to detect spoofed IP traffic. Our implementation had a detection rate of about 80% and a false positive rate of about 2% in testbed experiments using Internet traffic and real cyber-attacks. |
doi_str_mv | 10.1109/ICDCSW.2005.78 |
format | Conference Proceeding |
fulltext | fulltext_linktorsrc |
identifier | ISSN: 1545-0678 |
ispartof | 25th IEEE International Conference on Distributed Computing Systems Workshops, 2005, p.99-106 |
issn | 1545-0678 2332-5666 |
language | eng |
recordid | cdi_ieee_primary_1437163 |
source | IEEE Electronic Library (IEL) Conference Proceedings |
subjects | Computer architecture ; Computer crime ; Information analysis ; Information filtering ; Information filters ; Internet ; IP networks ; Software systems ; Telecommunication traffic ; Testing |
title | InFilter: predictive ingress filtering to detect spoofed IP traffic |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-28T00%3A16%3A22IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_6IE&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=InFilter:%20predictive%20ingress%20filtering%20to%20detect%20spoofed%20IP%20traffic&rft.btitle=25th%20IEEE%20International%20Conference%20on%20Distributed%20Computing%20Systems%20Workshops&rft.au=Ghosh,%20A.&rft.date=2005&rft.spage=99&rft.epage=106&rft.pages=99-106&rft.issn=1545-0678&rft.eissn=2332-5666&rft.isbn=9780769523286&rft.isbn_list=0769523285&rft_id=info:doi/10.1109/ICDCSW.2005.78&rft_dat=%3Cieee_6IE%3E1437163%3C/ieee_6IE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=1437163&rfr_iscdi=true |