Constructing Inter-Domain Packet Filters to Control IP Spoofing Based on BGP Updates
Journal Title: IOSR Journals (IOSR Journal of Computer Engineering) - Year 2015, Vol 17, Issue 5
Abstract
Abstract: The Distributed Denial-of-Service (DDoS) attack is a serious threat to the legitimate use of the Internet. Prevention mechanisms are thwarted by the ability of attackers to forge or spoof the source addresses in IP packets. By employing IP spoofing, attackers can evade detection and put a substantial burden on the destination network for policing attack packets. In this paper, we propose an inter-domain packet filter (IDPF) architecture that can mitigate the level of IP spoofing on the Internet. A key feature of our scheme is that it doesnot require global routing information. IDPFs are constructed from the information implicit in Border Gateway Protocol (BGP) route updates and are deployed in network border routers. We establish the conditions underwhich the IDPF framework correctly works in that it does not discard packets with valid source addresses. Based on extensive simulation studies, we show that, even with partial deployment on the Internet, IDPFs can proactively limit the spoofing capability of attackers. In addition, they can help localize the origin of an attack packet to a small number of candidate networks.
Authors and Affiliations
Shyam Chandran. P
Keywords
Related Articles
- EP ID EP106172
- DOI -
- Views 109
- Downloads 0
The Architectural Design of Healthcare Service with Big-Data Storing Mechanism
Abstract: Healthcare is the diagnosis, treatment, and prevention of disease, illness, injury, and other physical and mental impairments in human beings. Healthcare is delivered by practitioners in allied health, de...
Selfish Node Detection in Replica Allocation over MANETs
: MOBILE ad hoc networks (MANETs) have attracted a lot of attention due to the popularity of mobile devices and the advances in wireless communication technologies. A MANET is a peer-to-peer multi hop mobile wire...
Efficient Audit Services for Data Outsourcing in Clouds
Abstract: This paper introduce a dynamic audit service for integrity verification of untrusted and outsourcedstorages. Our audit service is constructed based on the techniques, fragment structure, random sampling,...
Survey and Comparative Study on Resource Allocation Strategies in Cloud Computing Environment
Cloud computing is an essential ingredient of modern computing systemsCloud computing provides an on demand service because it offers dynamic resource allocation for reliable and highly available services in pay as-you-c...
Agriculture Ontology for Sustainable Development in Nigeria
Nigeria, a country of more than 160 million people; also, the biggest oil exporter in Africa [1] Nigeria with her oil wealth, food security, and unemployment remains a serious problem. Shortage and increase in...