期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

MASK:An efficient mechanism to extend inter-domain IP spoofing preventions

MASK:An efficient mechanism to extend inter-domain IP spoofing preventions
原文传递
导出
摘要 IP spoofing hinders the efficiency of DDoS defenses. While recent proposals of IP spoofing prevention mechanisms are weak at filtering spoofing packets due to the complexity in maintaining source IP spaces and the low incentive of deployments. To address this problem, we propose an efficient mechanism to extend the range of inter-domain IP spoofing prevention called MASK. Source MASK nodes inform destination MASK nodes about the source IP spaces and labels of their neighbor Stub-ASes in order to implement the marking and verification of packets towards the Stub-ASes, and limit the number of MASK peers through the propagation of BGP updates so as to reduce the overheads of computing and storing of labels. By utilizing the method of extending the spoofing prevention to Stub-ASes, MASK can not only enlarge the domain of the spoofing prevention service, but also filter spoofing packets in advance. Through analysis and simulations, we demonstrate MASK's accuracy and effectiveness. IP spoofing hinders the efficiency of DDoS defenses. While recent proposals of IP spoofing prevention mechanisms are weak at filtering spoofing packets due to the complexity in maintaining source IP spaces and the low incentive of deployments. To address this problem, we propose an efficient mechanism to extend the range of inter-domain IP spoofing prevention called MASK. Source MASK nodes inform destination MASK nodes about the source IP spaces and labels of their neighbor Stub-ASes in order to implement the marking and verification of packets towards the Stub-ASes, and limit the number of MASK peers through the propagation of BGP updates so as to reduce the overheads of computing and storing of labels. By utilizing the method of extending the spoofing prevention to Stub-ASes, MASK can not only enlarge the domain of the spoofing prevention service, but also filter spoofing packets in advance. Through analysis and simulations, we demonstrate MASK's accuracy and effectiveness.
作者 LU XiCheng LV GaoFeng ZHU PeiDong CHEN YiJiao
机构地区 School of Computer
出处 《Science in China(Series F)》 2008年第11期1745-1760,共16页 中国科学(F辑英文版)
基金 the National Basic Research Program of China (973 Program) (Grant Nos. 2003CB314802 and 2005CB321801)
关键词 DDOS IP spoofing prevention BGP DDoS, IP spoofing prevention, BGP
分类号 TP393 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献10

  • 1Beverly R,,Bauer S.The spoofer project: inferring the extent of source address filtering on the Internet[].USENIX SRUTI.2005
  • 2Koponen T,Chawla M,Chun B G, et al.A data-oriented (and beyond) network architecture[].SIGCOMM.2007
  • 3Guha S,Francis P.An end-middle-end approach to connection establishment[].SIGCOMM.2007
  • 4Duan Z H,Yuan X,Chandrashekar J.Constructing inter-domain packet filters to control IP spoofing based on Bgp updates[].INFOCOM.2007
  • 5Bremler A,Levy H.Spoofing prevention method[].INFOCOM.2005
  • 6Lee H,Park K.On the effectiveness of probabilistic packet marking for IP traceback under denial of service attack[].INFOCOM.2001
  • 7Ferguson P,Senie D.Network ingress filtering: defeating denial of service attacks which employ IP source address spoofing[].RFC.1998
  • 8Moore D,Voeker G M,Savage S.Inferring Internet denial-of-service activity[].USENIX Security Symposium.2001
  • 9Lu X C,Zhao J J,Zhu P D.Self-organization of inter-domain routing system[].J Software.2006
  • 10Rekhter Y,Li T,Hares S, et al.A border gateway protocol 4 (Bgp-4)[].RFC.2006
Science in China(Series F)
2008年 第11期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部