Publications

RESECT: Self-learning traffic filters for IP spoofing defense

Abstract

IP spoofing has been a persistent Internet security threat for decades. While research solutions exist that can help an edge network detect spoofed and reflected traffic, the sheer volume of such traffic requires handling further upstream.
We propose RESECT, a self-learning spoofed packet filter that detects spoofed traffic upstream from the victim by combining information about the traffic's expected route and about the sender's response to a few packet drops. RESECT is unique in its ability to autonomously learn correct filtering rules when routes change, or when routing is asymmetric or multipath. Its operation has a minimal effect on legitimate traffic, while it quickly detects and drops spoofed packets. In isolated deployment, RESECT greatly reduces spoofed traffic to the deploying network and its customers, to 8-26% of its intended rate. If deployed at 50 best-connected autonomous systems, RESECT protects the …

Metadata

publication
Proceedings of the 33rd Annual Computer Security Applications Conference …, 2017
year
2017
publication date
2017/12/4
authors
Jelena Mirkovic, Erik Kline, Peter Reiher
link
https://dl.acm.org/doi/abs/10.1145/3134600.3134644
resource_link
https://lasr.cs.ucla.edu/lasr-members/reiher/papers/RESECT.pdf
book
Proceedings of the 33rd Annual Computer Security Applications Conference
pages
474-485