Detailed Information

Cited 0 time in webofscience Cited 0 time in scopus
Metadata Downloads

An incrementally deployable anti-spoofing mechanism for software-defined networks

Authors
Kwon, JonghoonSeo, DongwonKwon, MinjinLee, HeejoPerrig, AdrianKim, Hyogon
Issue Date
15-6월-2015
Publisher
ELSEVIER SCIENCE BV
Keywords
Distributed DoS attack; IP spoofing prevention; Packet marking and filtering; BGP-based anti-spoofing extension; SDN security
Citation
COMPUTER COMMUNICATIONS, v.64, pp.1 - 20
Indexed
SCIE
SCOPUS
Journal Title
COMPUTER COMMUNICATIONS
Volume
64
Start Page
1
End Page
20
URI
https://scholar.korea.ac.kr/handle/2021.sw.korea/93252
DOI
10.1016/j.comcom.2015.03.003
ISSN
0140-3664
Abstract
Internet attacks often use IF spoofing to forge the source IF address of packets, and thereby hide the identity of the source. It causes many serious security problems such as the difficulty of packet authenticity and IP traceback. While many IP spoofing prevention techniques have been proposed apart from ingress filtering, none have achieved widespread real-world use. One main reason is the lack of properties favoring incremental deployment, an essential component for new technology adoption. An incrementally deployable protocol should have three properties: initial benefits for early adopters, incremental benefits for subsequent adopters, and effectiveness under partial deployment. Since no previous antispoofing solution satisfies all three properties, we propose an anti-spoofing mechanism called "BGP-based Anti-Spoofing Extension" (BASE). BASE is an anti-spoofing protocol designed to fulfill the incremental deployment properties. Furthermore, BASE is designed to work in the software-defined networks (SDN). It gives a motivation to network operators to adopt BASE into their network, since the idea of SDN supports the large scale network control with a simple operation. Based on simulations using a model of Internet connectivity, BASE shows desirable IP spoofing prevention capabilities under partial deployment. We find that just 30% deployment can drop about 97% of attack packets. It is shown that BASE not only provides benefits to early adopters, but also outperforms previous anti-spoofing mechanisms. (C) 2015 Elsevier B.V. All rights reserved.
Files in This Item
There are no files associated with this item.
Appears in
Collections
Graduate School > Department of Computer Science and Engineering > 1. Journal Articles

qrcode

Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.

Related Researcher

Researcher Lee, Hee jo photo

Lee, Hee jo
컴퓨터학과
Read more

Altmetrics

Total Views & Downloads

BROWSE