Analysis of spoofed IP traffic using time-to-live and identification fields in IP headers

Masayuki Ohta, Yoshiki Kanda, Kensuke Fukuda, Toshiharu Sugawara

研究成果: Conference contribution

5 被引用数 (Scopus)

抄録

Internet services are often exposed to many kinds of threats such as the distributed denial of service (DDoS), viruses, and worms. Since these threats cause an adverse effect on the social and economical activities on the Internet, the technologies for protecting Internet services from the threats are strongly required. Many researchers have analyzed network traffic to detect anomalous one using many packet features (e.g., TCP/IP headers). In this paper, we focus on the Time To Live (TTL) and Identification fields (IPID) of the IP header to understand the anomalous traffic behavior, since source IP addresses are often spoofed. We propose a method to distinguish a plausible spoofed IP address from others based on a sequence of TTL and IPID fields. We show that our method can extract a number of plausible spoofing packets from real dark net traces in which all of the packets were not normal.

本文言語English
ホスト出版物のタイトルProceedings - 25th IEEE International Conference on Advanced Information Networking and Applications Workshops, WAINA 2011
ページ355-361
ページ数7
DOI
出版ステータスPublished - 2011
イベント25th IEEE International Conference on Advanced Information Networking and Applications Workshops, WAINA 2011 - Biopolis, Singapore
継続期間: 2011 3 222011 3 25

出版物シリーズ

名前Proceedings - 25th IEEE International Conference on Advanced Information Networking and Applications Workshops, WAINA 2011

Conference

Conference25th IEEE International Conference on Advanced Information Networking and Applications Workshops, WAINA 2011
CountrySingapore
CityBiopolis
Period11/3/2211/3/25

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications

フィンガープリント 「Analysis of spoofed IP traffic using time-to-live and identification fields in IP headers」の研究トピックを掘り下げます。これらがまとまってユニークなフィンガープリントを構成します。

引用スタイル