Coordination of Anti-Spoofing Mechanisms in Partial Deployments
Internet Protocol (IP) spoofing is a serious problem on the Internet. It is an attractive technique for adversaries who wish to amplify their network attacks and retain anonymity. Many approaches have been proposed to prevent IP spoofing attacks; however, they do not address a significant deployment issue, i.e., filtering inefficiency caused by a lack of deployment incentives for adopters. To defeat attacks effectively, a mechanism must be widely deployed on the network; however, most anti-spoofing mechanisms cannot solve the deployment issue by themselves. Each mechanism can work separately, but its defensive power is considerably weak when it is insufficiently deployed. If partially deployed mechanisms are coordinated so that they work together, they perform considerably better, creating a synergy effect that overcomes their limited deployment. Therefore, we propose a universal anti-spoofing (UAS) mechanism that incorporates existing mechanisms to thwart IP spoofing attacks. In the proposed mechanism, intermediate routers use any existing anti-spoofing mechanism that can ascertain whether a packet is spoofed and record this decision in the packet header. The edge routers of a victim network can then estimate whether a packet is forged based on the information sent by the upstream routers. The results of experiments conducted with real Internet topologies indicate that UAS reduces false alarms by up to 84.5% compared to the case where each mechanism operates individually.