• DocumentCode
    2446584
  • Title

    A deployable approach for inter-AS anti-spoofing

  • Author

    Liu, Bingyang ; Bi, Jun ; Zhu, Yu

  • Author_Institution
    Dept. of Comput. Sci., Tsinghua Univ., Beijing, China
  • fYear
    2011
  • fDate
    17-20 Oct. 2011
  • Firstpage
    19
  • Lastpage
    24
  • Abstract
    Filtering IP packets with spoofed source addresses not only improves network security, but also helps with network diagnosis and management. Compared with filtering spoofing packets at the edge of network which involves high deployment and maintenance cost, filtering at autonomous system (AS) borders is more cost-effective. Inter-AS anti-spoofing, as its name suggests, is implemented on AS border routers to filter spoofing packets before their entering or leaving an AS. Existing inter-AS anti-spoofing approaches focus on filtering efficiency, but lacks of deployability. In this paper we first introduce three properties of a deployable inter-AS anti-spoofing approach, incremental deployability, high deployment incentives and low deployment cost. Then we propose DIA, the first inter-AS anti-spoofing approach meeting the three properties. We present the design of DIA and evaluate its deployability with real Internet data. The evaluation results show that DIA provides high deployment incentives for Internet Service Providers by significantly mitigating spoofing based denial of service attacks. Our implementation proves that DIA can be easily implemented in commodity routers and minimize the deployment cost.
  • Keywords
    IP networks; telecommunication network management; telecommunication security; IP packets filtering; denial of service attacks; inter-autonomous system anti-spoofing; network diagnosis; network management; network security; spoofed source addresses; spoofing packets filtering; Bandwidth; Complexity theory; Cryptography; Distributed Bragg reflectors; Filtering; IP networks; Internet; IP Spoofing; Inter-AS; Packet Filtering;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Network Protocols (ICNP), 2011 19th IEEE International Conference on
  • Conference_Location
    Vancouver, BC
  • Print_ISBN
    978-1-4577-1392-7
  • Type

    conf

  • DOI
    10.1109/ICNP.2011.6089052
  • Filename
    6089052