Coordination of anti-spoofing mechanisms in partial deployments

Hyok An, Heejo Lee, Adrian Perrig

Research output: Contribution to journalArticle

Abstract

Internet protocol (IP) spoofing is a serious problem on the Internet. It is an attractive technique for adversaries who wish to amplify their network attacks and retain anonymity. Many approaches have been proposed to prevent IP spoofing attacks; however, they do not address a significant deployment issue, i.e., filtering inefficiency caused by a lack of deployment incentives for adopters. To defeat attacks effectively, one mechanism must be widely deployed on the network; however, the majority of the antispoofing mechanisms are unsuitable to solve the deployment issue by themselves. Each mechanism can work separately; however, their defensive power is considerably weak when insufficiently deployed. If we coordinate partially deployed mechanisms such that they work together, they demonstrate considerably superior performance by creating a synergy effect that overcomes their limited deployment. Therefore, we propose a universal antispoofing (UAS) mechanism that incorporates existing mechanisms to thwart IP spoofing attacks. In the proposed mechanism, intermediate routers utilize any existing anti-spoofing mechanism that can ascertain if a packet is spoofed and records this decision in the packet header. The edge routers of a victim network can estimate the forgery of a packet based on this information sent by the upstream routers. The results of experiments conducted with real Internet topologies indicate that UAS reduces false alarms up to 84.5% compared to the case where each mechanism operates individually.

Original languageEnglish
Article number000129
Pages (from-to)948-961
Number of pages14
JournalJournal of Communications and Networks
Volume18
Issue number6
DOIs
Publication statusPublished - 2016 Dec 1

Keywords

  • DDoS attacks
  • Internet protocol (IP) spoofing prevention
  • Network security
  • Packet filtering
  • Packet marking

ASJC Scopus subject areas

  • Information Systems
  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'Coordination of anti-spoofing mechanisms in partial deployments'. Together they form a unique fingerprint.

  • Cite this