InFilter: Predictive Ingress Filtering to Detect Spoofed IP Traffic

Columbus, Ohio, USA June 06-June 10

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/ICDCSW.2005.78

Second International Workshop on Secu ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Abhrajit Ghosh Articles by Larry Wong Articles by Giovanni Di Crescenzo Articles by Rajesh Talpade

	ASCII Text	x
	Abhrajit Ghosh, Larry Wong, Giovanni Di Crescenzo, Rajesh Talpade, "InFilter: Predictive Ingress Filtering to Detect Spoofed IP Traffic," Distributed Computing Systems Workshops, International Conference on, vol. 2, pp. 99-106, Second International Workshop on Security in Distributed Computing Systems (SDCS) (ICDCSW'05), 2005.

	BibTex	x
	@article{ 10.1109/ICDCSW.2005.78, author = {Abhrajit Ghosh and Larry Wong and Giovanni Di Crescenzo and Rajesh Talpade}, title = {InFilter: Predictive Ingress Filtering to Detect Spoofed IP Traffic}, journal ={Distributed Computing Systems Workshops, International Conference on}, volume = {2}, year = {2005}, issn = {1545-0678}, pages = {99-106}, doi = {http://doi.ieeecomputersociety.org/10.1109/ICDCSW.2005.78}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Distributed Computing Systems Workshops, International Conference on TI - InFilter: Predictive Ingress Filtering to Detect Spoofed IP Traffic SN - 1545-0678 SP99 EP106 A1 - Abhrajit Ghosh, A1 - Larry Wong, A1 - Giovanni Di Crescenzo, A1 - Rajesh Talpade, PY - 2005 KW - null VL - 2 JA - Distributed Computing Systems Workshops, International Conference on ER -

Abhrajit Ghosh, Telcordia Technologies, Inc.

Larry Wong, Telcordia Technologies, Inc.

Giovanni Di Crescenzo, Telcordia Technologies, Inc.

Rajesh Talpade, Telcordia Technologies, Inc.

Cyber-attackers often use incorrect source IP addresses in attack packets (spoofed IP packets) to achieve anonymity, reduce the risk of trace-back and avoid detection. We present the predictive ingress filtering (InFilter) approach for network-based detection of spoofed IP packets near cyber-attack targets. Our InFilter hypothesis states that traffic entering an IP network from a specific source frequently uses the same ingress point. We have empirically validated this hypothesis by analysis of trace-routes to 20 Internet targets from 24 Looking-Glass sites, and 30-days of Border Gateway Protocol-derived path information for the same 20 targets. We have developed a system architecture and software implementation based on the InFilter approach that can be used at Border Routers of large IP networks to detect spoofed IP traffic. Our implementation had a detection rate of about 80% and a false positive rate of about 2% in testbed experiments using Internet traffic and real cyber-attacks.

Citation:

Abhrajit Ghosh, Larry Wong, Giovanni Di Crescenzo, Rajesh Talpade, "InFilter: Predictive Ingress Filtering to Detect Spoofed IP Traffic," icdcsw, vol. 2, pp.99-106, Second International Workshop on Security in Distributed Computing Systems (SDCS) (ICDCSW'05), 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.