Mitigating Insider Threat’s IP Spoofing through Enhanced Dynamic Cluster Algorithm (EDPU Based HCF)

O. A. Akano, T. O. Olayinka, O. D. Adeniji, B.O. Ogunjinmi
Journal: Advances in research. Publication type: Journal Article. Published: 2024-03-27. DOI: 10.9734/air/2024/v25i31052 (https://doi.org/10.9734/air/2024/v25i31052)

Abstract

Insider threat has always been a major problem for computer security because of unauthorized system misuse by users within an organization. Understanding the concept and the inherent adverse consequences of the insider threat can assist in postulating approaches and techniques for mitigating the menace. Research, experience and the literature have shown insider intrusion to be more expensive and more destructive than external attacks, owing to the perpetrator's comprehensive understanding of the internal operations of the organization. Many researchers have explored the unhealthy nature of insider activity with the aim of eliminating the threat, identifying its various categories as theft of intellectual property, fraud, sabotage and espionage. This work aims to address the menace by studying models for detecting, reducing and eliminating the threat posed through IP spoofing, in order to propose a better model for the intrusion. Experimental research based on analysis of network data measurements has shown that HCF (Hop Count Filtering) can discover and discard almost 90% of spoofed IP packets, while an improvement on it called DPU (Dynamic Path Update) Based Hop Count Filtering has been shown to identify and discard more than 90%. This was carried out in a Linux kernel environment to substantiate the effectiveness of its measurements. However, enhancing the performance of the DPU-based HCF by reducing the size of packets at the point of entry in order to decrease network traffic, and permanently discarding 100% of spoofed packets, is the research direction of this work.