Coordination of Anti-Spoofing Mechanisms in Partial Deployments
- Authors
- An, Hyok; Lee, Heejo; Perrig, Adrian
- Issue Date
- 12월-2016
- Publisher
- KOREAN INST COMMUNICATIONS SCIENCES (K I C S)
- Keywords
- DDoS attacks; Internet protocol (IP) spoofing prevention; network security; packet filtering; packet marking
- Citation
- JOURNAL OF COMMUNICATIONS AND NETWORKS, v.18, no.6, pp.948 - 961
- Indexed
- SCIE
SCOPUS
KCI
- Journal Title
- JOURNAL OF COMMUNICATIONS AND NETWORKS
- Volume
- 18
- Number
- 6
- Start Page
- 948
- End Page
- 961
- URI
- https://scholar.korea.ac.kr/handle/2021.sw.korea/86782
- DOI
- 10.1109/JCN.2016.000129
- ISSN
- 1229-2370
- Abstract
- Internet protocol (IP) spoofing is a serious problem on the Internet. It is an attractive technique for adversaries who wish to amplify their network attacks and retain anonymity. Many approaches have been proposed to prevent IP spoofing attacks; however, they do not address a significant deployment issue, i.e., filtering inefficiency caused by a lack of deployment incentives for adopters. To defeat attacks effectively, one mechanism must be widely deployed on the network; however, the majority of the antispoofing mechanisms are unsuitable to solve the deployment issue by themselves. Each mechanism can work separately; however, their defensive power is considerably weak when insufficiently deployed. If we coordinate partially deployed mechanisms such that they work together, they demonstrate considerably superior performance by creating a synergy effect that overcomes their limited deployment. Therefore, we propose a universal antispoofing (UAS) mechanism that incorporates existing mechanisms to thwart IP spoofing attacks. In the proposed mechanism, intermediate routers utilize any existing anti-spoofing mechanism that can ascertain if a packet is spoofed and records this decision in the packet header. The edge routers of a victim network can estimate the forgery of a packet based on this information sent by the upstream routers. The results of experiments conducted with real Internet topologies indicate that UAS reduces false alarms up to 84.5% compared to the case where each mechanism operates individually.
- Files in This Item
- There are no files associated with this item.
- Appears in
Collections - Graduate School > Department of Computer Science and Engineering > 1. Journal Articles
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.