Packet Filtering Based on Source Router Marking and Hop-Count

Dublin, Ireland October 15-October 18

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/LCN.2007.128

32nd IEEE Conference on Local Compute ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Kashif Ali Articles by Mohammad Zulkernine Articles by Hossam Hassanein

	ASCII Text	x
	Kashif Ali, Mohammad Zulkernine, Hossam Hassanein, "Packet Filtering Based on Source Router Marking and Hop-Count," Local Computer Networks, Annual IEEE Conference on, pp. 1061-1068, 32nd IEEE Conference on Local Computer Networks (LCN 2007), 2007.

	BibTex	x
	@article{ 10.1109/LCN.2007.128, author = {Kashif Ali and Mohammad Zulkernine and Hossam Hassanein}, title = {Packet Filtering Based on Source Router Marking and Hop-Count}, journal ={Local Computer Networks, Annual IEEE Conference on}, volume = {0}, year = {2007}, issn = {0742-1303}, pages = {1061-1068}, doi = {http://doi.ieeecomputersociety.org/10.1109/LCN.2007.128}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Local Computer Networks, Annual IEEE Conference on TI - Packet Filtering Based on Source Router Marking and Hop-Count SN - 0742-1303 SP1061 EP1068 A1 - Kashif Ali, A1 - Mohammad Zulkernine, A1 - Hossam Hassanein, PY - 2007 KW - null VL - 0 JA - Local Computer Networks, Annual IEEE Conference on ER -

Kashif Ali, Queen's University, Canada

Mohammad Zulkernine, Queen's University, Canada

Hossam Hassanein, Queen's University, Canada

Denial of Service (DoS) attacks impose an increasingly growing threat to the Internet. These attacks result in wastage of scarce Internet resources and service disruptions. Existing packet filtering schemes are deployable at either source, intermediate or victim networks. In this paper, we propose a hybrid of the source and the victim networks-based packet filtering approach, Source Router marking and Hop-Count (SRHC), to detect and filter high-rate traffic flows and IP-spoofing attacks. Packets are marked at the source network based on their arrival rate threshold. At a victim network, the spoofed packets are marked based on the IP source arrival rate using their respective TTL value. Both source and victim networks collaborate to filter high-rate and IP-spoofing attacks. The ns-2 simulator is used to generate attack scenarios. Our simulation results show that the SRHC scheme effectively filters out high-rate and IP-spoofing attack packets, with minimal collateral damage.

Citation:

Kashif Ali, Mohammad Zulkernine, Hossam Hassanein, "Packet Filtering Based on Source Router Marking and Hop-Count," lcn, pp.1061-1068, 32nd IEEE Conference on Local Computer Networks (LCN 2007), 2007

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.