{"title":"往返时间改进跳数过滤","authors":"A. Mukaddam, I. Elhajj","doi":"10.1109/RELABIRA.2012.6235096","DOIUrl":null,"url":null,"abstract":"Cyber attacks are a major threat to today's Internet services. Most of these attacks utilize IP spoofing to conceal the actual source of the attack. In this paper, Hop Count Filtering (HCF), presented by Wang et al., is extended by utilizing both Round Trip Time (RTT) and Hop Count (HC) to detect IP spoofing where RTT calculation is possible. Based on one month traceroute data from 6 different sources to more than 380 destinations, an analysis is conducted to illustrate how the HC & RTT vary as seen by IPs in the same Autonomous System (AS) and same country, IPs in the same country but different AS, and IPs in different AS and different country. Results show that although IPs in the same AS have a high degree of similarity in terms of HC, the RTT can be used in conjunction with the HC to better differentiate between these IPs. RTT provides valuable information that would help improve the efficiency of HCF technique which solely relies on HC.","PeriodicalId":180400,"journal":{"name":"2012 Symposium on Broadband Networks and Fast Internet (RELABIRA)","volume":"56 12","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-05-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":"{\"title\":\"Round trip time to improve hop count filtering\",\"authors\":\"A. Mukaddam, I. Elhajj\",\"doi\":\"10.1109/RELABIRA.2012.6235096\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Cyber attacks are a major threat to today's Internet services. Most of these attacks utilize IP spoofing to conceal the actual source of the attack. In this paper, Hop Count Filtering (HCF), presented by Wang et al., is extended by utilizing both Round Trip Time (RTT) and Hop Count (HC) to detect IP spoofing where RTT calculation is possible. Based on one month traceroute data from 6 different sources to more than 380 destinations, an analysis is conducted to illustrate how the HC & RTT vary as seen by IPs in the same Autonomous System (AS) and same country, IPs in the same country but different AS, and IPs in different AS and different country. Results show that although IPs in the same AS have a high degree of similarity in terms of HC, the RTT can be used in conjunction with the HC to better differentiate between these IPs. RTT provides valuable information that would help improve the efficiency of HCF technique which solely relies on HC.\",\"PeriodicalId\":180400,\"journal\":{\"name\":\"2012 Symposium on Broadband Networks and Fast Internet (RELABIRA)\",\"volume\":\"56 12\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2012-05-28\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"10\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2012 Symposium on Broadband Networks and Fast Internet (RELABIRA)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/RELABIRA.2012.6235096\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 Symposium on Broadband Networks and Fast Internet (RELABIRA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/RELABIRA.2012.6235096","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Cyber attacks are a major threat to today's Internet services. Most of these attacks utilize IP spoofing to conceal the actual source of the attack. In this paper, Hop Count Filtering (HCF), presented by Wang et al., is extended by utilizing both Round Trip Time (RTT) and Hop Count (HC) to detect IP spoofing where RTT calculation is possible. Based on one month traceroute data from 6 different sources to more than 380 destinations, an analysis is conducted to illustrate how the HC & RTT vary as seen by IPs in the same Autonomous System (AS) and same country, IPs in the same country but different AS, and IPs in different AS and different country. Results show that although IPs in the same AS have a high degree of similarity in terms of HC, the RTT can be used in conjunction with the HC to better differentiate between these IPs. RTT provides valuable information that would help improve the efficiency of HCF technique which solely relies on HC.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
