A trust-based approach against IP-spoofing attacks

Author

Gonzalez, Jesus M. ; Anwar, Mohd ; Joshi, James B D

Author_Institution

Grad. Program in Telecommun. & Networking, Univ. of Pittsburgh, Pittsburgh, PA, USA

fYear

2011

fDate

19-21 July 2011

Firstpage

63

Lastpage

70

Abstract

IP-spoofing attacks remain one of the most damaging attacks in which an attacker replaces the original source IP address with a new one. Using the existing attacking tools to launch IP spoofing attacks, an attacker can now easily compromise access routers and not only the end-hosts. In this paper, we propose a trust-based approach using a Bayesian inference model that evaluates the trustworthiness of an access router with regards to forwarding packets without modifying their source IP address. The trust values for the access routers is computed by a judge router that samples all traffic being forwarded by the access routers. The simulation results show that our approach effectively detects malicious access routers. The results also show that our approach has a low impact on the network performance when no attack is present, and that it introduces little overhead traffic.

Keywords

IP networks; belief networks; computer network security; inference mechanisms; telecommunication network routing; telecommunication traffic; Bayesian inference model; IP address; IP spoofing attacks; access routers; judge router; overhead traffic; packet forwarding; trust-based approach; trustworthiness evaluation; Delay; Filtering; Fires; IP networks; Monitoring; Probes; Routing protocols; Access Router; Autonomous System; Bayesian Inference; IP-spoofing; Trust;

fLanguage

English

Publisher

ieee

Conference_Titel

Privacy, Security and Trust (PST), 2011 Ninth Annual International Conference on

Conference_Location

Montreal, QC

Print_ISBN

978-1-4577-0582-3

Type

conf

DOI

10.1109/PST.2011.5971965

Filename

5971965