Skip to Main content Skip to Navigation
Conference papers

Detecting IP Spoofing by Modelling History of IP Address Entry Points

Abstract : Since a lot of the networks do not apply source IP filtering to its outgoing traffic, an attacker may insert an arbitrary source IP address in an outgoing packet, i.e., IP address spoofing. This paper elaborates on a possibility to detect the spoofing in a large network peering with other networks. A proposed detection scheme is based on an analysis of NetFlow data collected at the entry points in the network. The scheme assumes that the network traffic originating from a certain source network enters the network under surveillance via a relatively stable set of points. The scheme has been tested on data from the real network.
Complete list of metadatas

Cited literature [18 references]  Display  Hide  Download

https://hal.inria.fr/hal-01489972
Contributor : Hal Ifip <>
Submitted on : Tuesday, March 14, 2017 - 5:06:34 PM
Last modification on : Thursday, February 7, 2019 - 3:47:45 PM
Document(s) archivé(s) le : Thursday, June 15, 2017 - 3:10:51 PM

File

978-3-642-38998-6_9_Chapter.pd...
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Michal Kováčik, Michal Kajan, Martin Žádník. Detecting IP Spoofing by Modelling History of IP Address Entry Points. 7th International Conference on Autonomous Infrastructure (AIMS), Jun 2013, Barcelona, Spain. pp.73-83, ⟨10.1007/978-3-642-38998-6_9⟩. ⟨hal-01489972⟩

Share

Metrics

Record views

88

Files downloads

977