Filtering sources of unwanted traffic

F. Soldo, Karim El Defrawy, A. Markopoulou, B. Krishnamurthy, Jacobus van der Merwe
Published in: 2008 Information Theory and Applications Workshop, 2008-08-15. DOI: 10.1109/ITA.2008.4601049 (https://doi.org/10.1109/ITA.2008.4601049)
Citation count: 9

Abstract

There is a large and increasing amount of unwanted traffic on the Internet today, including phishing, spam, and distributed denial-of-service attacks. One way to deal with this problem is to filter unwanted traffic at the routers based on source IP addresses. Because of the limited number of available filters in the routers today, aggregation is used in practice: a single filter describes and blocks an entire range of IP addresses. This results in blocking of all (unwanted and wanted) traffic generated from hosts with IP addresses in that range. In this paper, we develop a family of algorithms that, given a blacklist containing the source IP addresses of unwanted traffic and a constraint on the number of filters, construct a set of filtering rules that optimize the tradeoff between the unwanted and legitimate traffic that is blocked. We show that our algorithms are optimal and also computationally efficient. Furthermore, we demonstrate that they are particularly beneficial when applied to realistic distributions of sources of unwanted traffic, which are known to exhibit spatial and temporal clustering.