Title :
Performing software defined route-based IP spoofing filtering with SEFA
Author :
Guang Yao ; Jun Bi ; Tao Feng ; Peiyao Xiao ; Duanqi Zhou
Author_Institution :
Inst. for Network Sci. & Cyberspace, Tsinghua Univ., Beijing, China
Abstract :
IP spoofing is a well-known security threat on the Internet. Though there have been a number of spoofing prevention mechanisms, due the diversity of networks and management objectives, the operators may prefer a framework which enables easy installation and modification of the IP spoofing prevention solution, rather than a single mechanism. In this article, a lightweight and efficient framework for route-based IP spoofing filtering, named SEFA, is proposed. Through providing a collective view of the network and decoupling the filtering rule generation from network devices, SEFA enables easily installation of spoofing filtering application. SEFA mainly resolves the challenge that how to build network abstraction without taking full controllability. SEFA has been implemented based on slightly modifying commercial routers and an open source controller. Based on experiments, SEFA is found to be able to reduce the overhead and the latency of filtering rule generation and installation, while keeping off the complexity and latency of generating forwarding rules by the controller.
Keywords :
IP networks; Internet; security of data; IP spoofing filtering; Internet; SEFA; filtering rule generation; open source controller; security threat; software defined route; spoofing prevention mechanisms; Complexity theory; Controllability; Filtering; IP networks; Routing; Routing protocols; Security; IP Spoofing; Software Defined Networking; filtering;
Conference_Titel :
Computer Communication and Networks (ICCCN), 2014 23rd International Conference on
Conference_Location :
Shanghai
DOI :
10.1109/ICCCN.2014.6911784
