Title :
Design and implementation of a real-time decentralized source identification system for untrusted IP packets
Author :
Chang, H.Y. ; Chen, P. ; Hayatnagarrear, A. ; Narayan, R. ; Sheth, P. ; Vo, N. ; Wu, C.L. ; Wu, S.F. ; Zhang, L. ; Zhang, X. ; Gong, F. ; Jou, F. ; Sargor, C. ; Wu, X.
Author_Institution :
Dept. of Comput. Sci., North Carolina State Univ., Raleigh, NC, USA
fDate :
6/22/1905 12:00:00 AM
Abstract :
DECIDUOUS is a security management framework for identifying the “true” sources of network-based intrusions. As in IPv4, normally the source IP address field of an IP packet is untrusted. Therefore, DECIDUOUS utilizes the IPSec security associations as “trapdoors” to derive possible network paths that an attack packet has traveled to reach the target victim. In (Chang et al., 1999), we illustrated the architecture and design of the DECIDUOUS framework. In this paper, we describe our prototype implementation and experimental results
Keywords :
computer network management; real-time systems; security of data; telecommunication security; transport protocols; DECIDUOUS; IPSec security; IPv4; experimental results; network-based intrusions; prototype implementation; real-time decentralized source identification; security management framework; source IP address; untrusted IP packets; Real time systems;
Conference_Titel :
DARPA Information Survivability Conference and Exposition, 2000. DISCEX '00. Proceedings
Conference_Location :
Hilton Head, SC
Print_ISBN :
0-7695-0490-6
DOI :
10.1109/DISCEX.2000.821512
