DocumentCode :
1282574
Title :
Optimal Source-Based Filtering of Malicious Traffic
Author :
Soldo, Fabio ; Argyraki, Katerina ; Markopoulou, Athina
Author_Institution :
Dept. of Electr. Eng. & Comput. Sci., Univ. of California, Irvine, Irvine, CA, USA
Volume :
20
Issue :
2
fYear :
2012
fDate :
4/1/2012 12:00:00 AM
Firstpage :
381
Lastpage :
395
Abstract :
In this paper, we consider the problem of blocking malicious traffic on the Internet via source-based filtering. In particular, we consider filtering via access control lists (ACLs): These are already available at the routers today, but are a scarce resource because they are stored in the expensive ternary content addressable memory (TCAM). Aggregation (by filtering source prefixes instead of individual IP addresses) helps reduce the number of filters, but comes also at the cost of blocking legitimate traffic originating from the filtered prefixes. We show how to optimally choose which source prefixes to filter for a variety of realistic attack scenarios and operators' policies. In each scenario, we design optimal, yet computationally efficient, algorithms. Using logs from Dshield.org, we evaluate the algorithms and demonstrate that they bring significant benefit in practice.
Keywords :
Internet; filtering theory; telecommunication traffic; ACL; Internet; TCAM; access control lists; filtered prefixes; legitimate traffic blocking; malicious traffic blocking; optimal source-based filtering; realistic attack scenarios; source prefixes filtering; ternary content addressable memory; Algorithm design and analysis; Bandwidth; Complexity theory; Filtering; IP networks; Optimization; Resource management; Clustering algorithms; Internet; filtering; network security;
fLanguage :
English
Journal_Title :
Networking, IEEE/ACM Transactions on
Publisher :
ieee
ISSN :
1063-6692
Type :
jour
DOI :
10.1109/TNET.2011.2161615
Filename :
5961662