Active ingress monitoring (AIM): an intrusion isolation scheme in active networks

Author

Kim, Gitae ; Bogovic, Tony

Author_Institution

Telcordia Technol. Inc., Morristown, NJ, USA

Volume

1

fYear

2001

fDate

11-14 Jun 2001

Firstpage

194

Abstract

Denial of Service (DoS) attacks have proven to be a challenging issue for the Internet community. We present a novel approach, active ingress monitoring (AIM), to effectively isolate DoS attacks that use randomly forged source IP addresses. Unlike the existing approaches, AIM reduces the computational overloads by executing the monitoring and filtering operations on selected packet streams only when needed. In addition, our scheme does not require complicated requirements or mandatory participation from every individual network in the Internet. AIM is based on the active networks environment and operates in the network layer based on passive traffic monitoring

Keywords

Internet; monitoring; security of data; telecommunication security; telecommunication traffic; transport protocols; Internet; active ingress monitoring; active networks; active routers; computational overload reduction; denial of service attacks; filtering operations; intrusion isolation; monitoring operations; network layer; packet streams; passive traffic monitoring; programmable network; randomly forged source IP address; Computer crime; Data security; IP networks; Information filtering; Information filters; Intelligent networks; Monitoring; Telecommunication traffic; Unicast; Web and internet services;

fLanguage

English

Publisher

ieee

Conference_Titel

Communications, 2001. ICC 2001. IEEE International Conference on

Conference_Location

Helsinki

Print_ISBN

0-7803-7097-1

Type

conf

DOI

10.1109/ICC.2001.936302

Filename

936302