IP Spoofing Detection Approach(ISDA) for Network Intrusion Detection System

Author

Sui Song ; Manikopoulos, C.N.

Author_Institution

New Jersey Inst. of Technol., Newark

fYear

2006

Firstpage

1

Lastpage

4

Abstract

A new approach for detecting spoofed IP level, called IP spoofing detection approach (ISDA), is proposed. The purpose of this approach is maximally to keep effective parts and remove forged parts of source IP addresses under flooding attacks and dynamically configure flow aggregation scheme for flow-based network intrusion detection to build the most effective intrusion detection approach. Our work concentrates on developing an overall framework, which includes building flow aggregation schemes for flow-based network intrusion detection system (FNIDS), detecting IP address spoofing level and using fuzzy logic method automatically to activate the most appropriate flow aggregation scheme. Finally, the performance of applying our proposed architecture against flooding DDOS attacks is evaluated by using DARPA 98 data. Results show the significant improvement for FNIDS after applying the IP address spoofing detection algorithms.

Keywords

IP networks; fuzzy logic; security of data; IP spoofing detection approach; flooding DDOS attacks; flooding attacks; flow aggregation scheme; flow-based network intrusion detection; fuzzy logic method; network intrusion detection system; source IP addresses; Buildings; Computer crime; Detection algorithms; Fuzzy logic; Information filtering; Information filters; Internet; Intrusion detection; Telecommunication traffic; Traffic control; Field aggregation schemes; Flow; Flow aggregation scheme; Flow-based Network Intrusion Detection System; Neural Network Classifier; Prefix Aggregation scheme;

fLanguage

English

Publisher

ieee

Conference_Titel

Sarnoff Symposium, 2006 IEEE

Conference_Location

Princeton, NJ

Print_ISBN

978-1-4244-0002-7

Type

conf

DOI

10.1109/SARNOF.2006.4534792

Filename

4534792