Analysis of spoofed IP traffic using time-to-live and identification fields in IP headers

Masayuki Ohta, Yoshiki Kanda, Kensuke Fukuda, Toshiharu Sugawara

研究成果: Conference contribution

5 引用 (Scopus)

抜粋

Internet services are often exposed to many kinds of threats such as the distributed denial of service (DDoS), viruses, and worms. Since these threats cause an adverse effect on the social and economical activities on the Internet, the technologies for protecting Internet services from the threats are strongly required. Many researchers have analyzed network traffic to detect anomalous one using many packet features (e.g., TCP/IP headers). In this paper, we focus on the Time To Live (TTL) and Identification fields (IPID) of the IP header to understand the anomalous traffic behavior, since source IP addresses are often spoofed. We propose a method to distinguish a plausible spoofed IP address from others based on a sequence of TTL and IPID fields. We show that our method can extract a number of plausible spoofing packets from real dark net traces in which all of the packets were not normal.

元の言語English
ホスト出版物のタイトルProceedings - 25th IEEE International Conference on Advanced Information Networking and Applications Workshops, WAINA 2011
ページ355-361
ページ数7
DOI
出版物ステータスPublished - 2011 5 31
イベント25th IEEE International Conference on Advanced Information Networking and Applications Workshops, WAINA 2011 - Biopolis, Singapore
継続期間: 2011 3 222011 3 25

出版物シリーズ

名前Proceedings - 25th IEEE International Conference on Advanced Information Networking and Applications Workshops, WAINA 2011

Conference

Conference25th IEEE International Conference on Advanced Information Networking and Applications Workshops, WAINA 2011
Singapore
Biopolis
期間11/3/2211/3/25

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications

フィンガープリント Analysis of spoofed IP traffic using time-to-live and identification fields in IP headers' の研究トピックを掘り下げます。これらはともに一意のフィンガープリントを構成します。

  • これを引用

    Ohta, M., Kanda, Y., Fukuda, K., & Sugawara, T. (2011). Analysis of spoofed IP traffic using time-to-live and identification fields in IP headers. : Proceedings - 25th IEEE International Conference on Advanced Information Networking and Applications Workshops, WAINA 2011 (pp. 355-361). [5763526] (Proceedings - 25th IEEE International Conference on Advanced Information Networking and Applications Workshops, WAINA 2011). https://doi.org/10.1109/WAINA.2011.111