{"title":"as间路径矢量滤波器:消除假阴性","authors":"Zhou Zhang, Y. Liu, Jianping Wu, Gang Ren, J. Bi","doi":"10.1109/LANMAN.2015.7114734","DOIUrl":null,"url":null,"abstract":"IP spoofing based attacks remains a serious and open security problem due to the fact that the current Internet implements no source address authentication mechanisms. A series of anti-spoofing practices have long been proposed while their actual implementation seems far from satisfactory. Route based filters were extensively studied in the design of Inter-AS source address validation methods. Traditional route based filters only use route direction information to establish filtering rules, causing inherited fake negatives. A novel inter-AS filter based on route path vector is proposed to reduce or even eliminate such fake negatives in this article. We name the filter IPVF (Inter-AS Path Vector Filter), which utilizes the route information of both path and distance, exhibits measurable increase in performance and incurs acceptable additional bandwidth cost. Moreover, traditional route based filtering rules is easy to be deduced by attackers. Since the filtering rules of IPVF could change over time by setting parameters, its actual improvement in performance could be exponentially increased.","PeriodicalId":193630,"journal":{"name":"The 21st IEEE International Workshop on Local and Metropolitan Area Networks","volume":"39 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-04-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"An inter-AS path vector filter: towards elimination of false negatives\",\"authors\":\"Zhou Zhang, Y. Liu, Jianping Wu, Gang Ren, J. Bi\",\"doi\":\"10.1109/LANMAN.2015.7114734\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"IP spoofing based attacks remains a serious and open security problem due to the fact that the current Internet implements no source address authentication mechanisms. A series of anti-spoofing practices have long been proposed while their actual implementation seems far from satisfactory. Route based filters were extensively studied in the design of Inter-AS source address validation methods. Traditional route based filters only use route direction information to establish filtering rules, causing inherited fake negatives. A novel inter-AS filter based on route path vector is proposed to reduce or even eliminate such fake negatives in this article. We name the filter IPVF (Inter-AS Path Vector Filter), which utilizes the route information of both path and distance, exhibits measurable increase in performance and incurs acceptable additional bandwidth cost. Moreover, traditional route based filtering rules is easy to be deduced by attackers. Since the filtering rules of IPVF could change over time by setting parameters, its actual improvement in performance could be exponentially increased.\",\"PeriodicalId\":193630,\"journal\":{\"name\":\"The 21st IEEE International Workshop on Local and Metropolitan Area Networks\",\"volume\":\"39 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-04-22\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"The 21st IEEE International Workshop on Local and Metropolitan Area Networks\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/LANMAN.2015.7114734\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"The 21st IEEE International Workshop on Local and Metropolitan Area Networks","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/LANMAN.2015.7114734","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
An inter-AS path vector filter: towards elimination of false negatives
IP spoofing based attacks remains a serious and open security problem due to the fact that the current Internet implements no source address authentication mechanisms. A series of anti-spoofing practices have long been proposed while their actual implementation seems far from satisfactory. Route based filters were extensively studied in the design of Inter-AS source address validation methods. Traditional route based filters only use route direction information to establish filtering rules, causing inherited fake negatives. A novel inter-AS filter based on route path vector is proposed to reduce or even eliminate such fake negatives in this article. We name the filter IPVF (Inter-AS Path Vector Filter), which utilizes the route information of both path and distance, exhibits measurable increase in performance and incurs acceptable additional bandwidth cost. Moreover, traditional route based filtering rules is easy to be deduced by attackers. Since the filtering rules of IPVF could change over time by setting parameters, its actual improvement in performance could be exponentially increased.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
