Abstract
Recently, as the serious damage caused by spoofed traffic such as DDoS attacks increases, rapid detection and proper response mechanisms are urgently needed. However, existing security mechanisms do not provide effective defense against these attacks and, in particular, cannot identify the origin generating the spoofed traffic. In this paper, we describe a simple and practical solution that supports immediate detection and identification of the spoofing attack agent. The proposed mechanism needs only one agent per router, and modification of legacy routers is not required. So, if as many agents as routers are distributed, they can perfectly detect the spoofed traffic generated on their own networks and directly identify the attack agent, regardless of spoofing level. We implement the proposed mechanism, experiment with a strong DDoS tool on a real network, and confirm the effectiveness of our design.
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kim, M., Chae, K. (2004). Detection and Identification Mechanism against Spoofed Traffic Using Distributed Agents. In: Laganá, A., Gavrilova, M.L., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds) Computational Science and Its Applications – ICCSA 2004. ICCSA 2004. Lecture Notes in Computer Science, vol 3043. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24707-4_79
DOI: https://doi.org/10.1007/978-3-540-24707-4_79
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22054-1
Online ISBN: 978-3-540-24707-4
eBook Packages: Springer Book Archive