Analysis of spoofed IP traffic using time-to-live and identification fields in IP headers

Masayuki Ohta, Yoshiki Kanda, Kensuke Fukuda, Toshiharu Sugawara

Research output: Chapter in Book/Report/Conference proceedingConference contribution

5 Citations (Scopus)

Abstract

Internet services are often exposed to many kinds of threats such as the distributed denial of service (DDoS), viruses, and worms. Since these threats cause an adverse effect on the social and economical activities on the Internet, the technologies for protecting Internet services from the threats are strongly required. Many researchers have analyzed network traffic to detect anomalous one using many packet features (e.g., TCP/IP headers). In this paper, we focus on the Time To Live (TTL) and Identification fields (IPID) of the IP header to understand the anomalous traffic behavior, since source IP addresses are often spoofed. We propose a method to distinguish a plausible spoofed IP address from others based on a sequence of TTL and IPID fields. We show that our method can extract a number of plausible spoofing packets from real dark net traces in which all of the packets were not normal.

Original languageEnglish
Title of host publicationProceedings - 25th IEEE International Conference on Advanced Information Networking and Applications Workshops, WAINA 2011
Pages355-361
Number of pages7
DOIs
Publication statusPublished - 2011 May 31
Event25th IEEE International Conference on Advanced Information Networking and Applications Workshops, WAINA 2011 - Biopolis, Singapore
Duration: 2011 Mar 222011 Mar 25

Publication series

NameProceedings - 25th IEEE International Conference on Advanced Information Networking and Applications Workshops, WAINA 2011

Conference

Conference25th IEEE International Conference on Advanced Information Networking and Applications Workshops, WAINA 2011
CountrySingapore
CityBiopolis
Period11/3/2211/3/25

Keywords

  • darknet
  • network security
  • source spoofing

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications

Fingerprint Dive into the research topics of 'Analysis of spoofed IP traffic using time-to-live and identification fields in IP headers'. Together they form a unique fingerprint.

  • Cite this

    Ohta, M., Kanda, Y., Fukuda, K., & Sugawara, T. (2011). Analysis of spoofed IP traffic using time-to-live and identification fields in IP headers. In Proceedings - 25th IEEE International Conference on Advanced Information Networking and Applications Workshops, WAINA 2011 (pp. 355-361). [5763526] (Proceedings - 25th IEEE International Conference on Advanced Information Networking and Applications Workshops, WAINA 2011). https://doi.org/10.1109/WAINA.2011.111