Detecting IP Spoofing by Modelling History of IP Address Entry Points

Abstract : Since a lot of the networks do not apply source IP filtering to its outgoing traffic, an attacker may insert an arbitrary source IP address in an outgoing packet, i.e., IP address spoofing. This paper elaborates on a possibility to detect the spoofing in a large network peering with other networks. A proposed detection scheme is based on an analysis of NetFlow data collected at the entry points in the network. The scheme assumes that the network traffic originating from a certain source network enters the network under surveillance via a relatively stable set of points. The scheme has been tested on data from the real network.
Type de document :
Communication dans un congrès
Guillaume Doyen; Martin Waldburger; Pavel Čeleda; Anna Sperotto; Burkhard Stiller. 7th International Conference on Autonomous Infrastructure (AIMS), Jun 2013, Barcelona, Spain. Springer, Lecture Notes in Computer Science, LNCS-7943, pp.73-83, 2013, Emerging Management Mechanisms for the Future Internet. 〈10.1007/978-3-642-38998-6_9〉
Liste complète des métadonnées

Littérature citée [18 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01489972
Contributeur : Hal Ifip <>
Soumis le : mardi 14 mars 2017 - 17:06:34
Dernière modification le : mardi 14 mars 2017 - 17:12:28
Document(s) archivé(s) le : jeudi 15 juin 2017 - 15:10:51

Fichier

978-3-642-38998-6_9_Chapter.pd...
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Michal Kováčik, Michal Kajan, Martin Žádník. Detecting IP Spoofing by Modelling History of IP Address Entry Points. Guillaume Doyen; Martin Waldburger; Pavel Čeleda; Anna Sperotto; Burkhard Stiller. 7th International Conference on Autonomous Infrastructure (AIMS), Jun 2013, Barcelona, Spain. Springer, Lecture Notes in Computer Science, LNCS-7943, pp.73-83, 2013, Emerging Management Mechanisms for the Future Internet. 〈10.1007/978-3-642-38998-6_9〉. 〈hal-01489972〉

Partager

Métriques

Consultations de la notice

36

Téléchargements de fichiers

106