Title :
Filtering sources of unwanted traffic
Author :
Soldo, Fabio ; El Defrawy, Karim ; Markopoulou, Athina ; Krishnamurthy, Balachander ; Van der Merwe, Jacobus
Author_Institution :
California Univ., Irvine, CA
fDate :
Jan. 27 2008-Feb. 1 2008
Abstract :
There is a large and increasing amount of unwanted traffic on the Internet today, including phishing, spam, and distributed denial-of-service attacks. One way to deal with this problem is to filter unwanted traffic at the routers based on source IP addresses. Because of the limited number of available filters in the routers today, aggregation is used in practice: a single filter describes and blocks an entire range of IP addresses. This results in blocking of all (unwanted and wanted) traffic generated from hosts with IP addresses in that range. In this paper, we develop a family of algorithms that, given a blacklist containing the source IP addresses of unwanted traffic and a constraint on the number of filters, construct a set of filtering rules that optimize the tradeoff between the unwanted and legitimate traffic that is blocked. We show that our algorithms are optimal and also computationally efficient. Furthermore, we demonstrate that they are particularly beneficial when applied to realistic distributions of sources of unwanted traffic, which are known to exhibit spatial and temporal clustering.
Keywords :
IP networks; Internet; filtering theory; telecommunication network routing; telecommunication traffic; Internet; distributed denial-of-service attacks; filtering sources; realistic distributions; routers based on source IP addresses; temporal clustering; unwanted traffic; Clustering algorithms; Computer crime; Constraint optimization; Filtering algorithms; Floods; Information filtering; Information filters; Internet; Jacobian matrices; Telecommunication traffic;
Conference_Titel :
Information Theory and Applications Workshop, 2008
Conference_Location :
San Diego, CA
Print_ISBN :
978-1-4244-2670-6
DOI :
10.1109/ITA.2008.4601049
