Title :
Analysis of Spoofed IP Traffic Using Time-to-Live and Identification Fields in IP Headers
Author :
Ohta, Masayuki ; Kanda, Yoshiki ; Fukuda, Kenji ; Sugawara, Toshiharu
Author_Institution :
Grad. Sch. of Fundamental Sci. & Eng., Waseda Univ., Tokyo, Japan
Abstract :
Internet services are often exposed to many kinds of threats such as the distributed denial of service (DDoS), viruses, and worms. Since these threats cause an adverse effect on the social and economical activities on the Internet, the technologies for protecting Internet services from the threats are strongly required. Many researchers have analyzed network traffic to detect anomalous one using many packet features (e.g., TCP/IP headers). In this paper, we focus on the Time To Live (TTL) and Identification fields (IPID) of the IP header to understand the anomalous traffic behavior, since source IP addresses are often spoofed. We propose a method to distinguish a plausible spoofed IP address from others based on a sequence of TTL and IPID fields. We show that our method can extract a number of plausible spoofing packets from real dark net traces in which all of the packets were not normal.
Keywords :
IP networks; Internet; computer network security; computer viruses; telecommunication traffic; IP address; IP header; IPID field; Internet service; TTL field; anomalous traffic behavior; distributed denial of service; identification field; spoofed IP traffic; time to live; Electronic mail; Grippers; IP networks; Internet; Time series analysis; Viruses (medical); darknet; network security; source spoofing;
Conference_Titel :
Advanced Information Networking and Applications (WAINA), 2011 IEEE Workshops of International Conference on
Conference_Location :
Biopolis
Print_ISBN :
978-1-61284-829-7
Electronic_ISBN :
978-0-7695-4338-3
DOI :
10.1109/WAINA.2011.111
