{"title":"一种可部署的跨自治系统反欺骗方法","authors":"Bingyang Liu, J. Bi, Y. Zhu","doi":"10.1109/ICNP.2011.6089052","DOIUrl":null,"url":null,"abstract":"Filtering IP packets with spoofed source addresses not only improves network security, but also helps with network diagnosis and management. Compared with filtering spoofing packets at the edge of network which involves high deployment and maintenance cost, filtering at autonomous system (AS) borders is more cost-effective. Inter-AS anti-spoofing, as its name suggests, is implemented on AS border routers to filter spoofing packets before their entering or leaving an AS. Existing inter-AS anti-spoofing approaches focus on filtering efficiency, but lacks of deployability. In this paper we first introduce three properties of a deployable inter-AS anti-spoofing approach, incremental deployability, high deployment incentives and low deployment cost. Then we propose DIA, the first inter-AS anti-spoofing approach meeting the three properties. We present the design of DIA and evaluate its deployability with real Internet data. The evaluation results show that DIA provides high deployment incentives for Internet Service Providers by significantly mitigating spoofing based denial of service attacks. Our implementation proves that DIA can be easily implemented in commodity routers and minimize the deployment cost.","PeriodicalId":202059,"journal":{"name":"2011 19th IEEE International Conference on Network Protocols","volume":"15 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":"{\"title\":\"A deployable approach for inter-AS anti-spoofing\",\"authors\":\"Bingyang Liu, J. Bi, Y. Zhu\",\"doi\":\"10.1109/ICNP.2011.6089052\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Filtering IP packets with spoofed source addresses not only improves network security, but also helps with network diagnosis and management. Compared with filtering spoofing packets at the edge of network which involves high deployment and maintenance cost, filtering at autonomous system (AS) borders is more cost-effective. Inter-AS anti-spoofing, as its name suggests, is implemented on AS border routers to filter spoofing packets before their entering or leaving an AS. Existing inter-AS anti-spoofing approaches focus on filtering efficiency, but lacks of deployability. In this paper we first introduce three properties of a deployable inter-AS anti-spoofing approach, incremental deployability, high deployment incentives and low deployment cost. Then we propose DIA, the first inter-AS anti-spoofing approach meeting the three properties. We present the design of DIA and evaluate its deployability with real Internet data. The evaluation results show that DIA provides high deployment incentives for Internet Service Providers by significantly mitigating spoofing based denial of service attacks. Our implementation proves that DIA can be easily implemented in commodity routers and minimize the deployment cost.\",\"PeriodicalId\":202059,\"journal\":{\"name\":\"2011 19th IEEE International Conference on Network Protocols\",\"volume\":\"15 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"12\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2011 19th IEEE International Conference on Network Protocols\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICNP.2011.6089052\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 19th IEEE International Conference on Network Protocols","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICNP.2011.6089052","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Filtering IP packets with spoofed source addresses not only improves network security, but also helps with network diagnosis and management. Compared with filtering spoofing packets at the edge of network which involves high deployment and maintenance cost, filtering at autonomous system (AS) borders is more cost-effective. Inter-AS anti-spoofing, as its name suggests, is implemented on AS border routers to filter spoofing packets before their entering or leaving an AS. Existing inter-AS anti-spoofing approaches focus on filtering efficiency, but lacks of deployability. In this paper we first introduce three properties of a deployable inter-AS anti-spoofing approach, incremental deployability, high deployment incentives and low deployment cost. Then we propose DIA, the first inter-AS anti-spoofing approach meeting the three properties. We present the design of DIA and evaluate its deployability with real Internet data. The evaluation results show that DIA provides high deployment incentives for Internet Service Providers by significantly mitigating spoofing based denial of service attacks. Our implementation proves that DIA can be easily implemented in commodity routers and minimize the deployment cost.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
