抽象的

Source Address Validation Implementation by Using BGP

R.Vishal, R.Angeline

The persistent evolution of the Internet continues to transform the way individuals, as well as businesses, educational institutions, and government organizations access, share, and communicate information. Convergence of digital voice, video, and data, is further consolidating the Internet as a critical infrastructure. One of the main routing protocols in the Internet and current de facto standard is the Border Gateway Protocol (BGP). Presently ubiquitous, BGP is a critical component of the exponentially growing network of routers that constitutes our contemporary Internet. Carrier networks, as well as most large enterprise organizations with multiple links to one or more service providers use BGP. The Distributed Denial-of-Service (DDoS) attack is a serious threat to the legitimate use of the Internet. Prevention mechanisms are thwarted by the ability of attackers to forge or spoof the source addresses in IP packets. By employing IP spoofing, attackers can evade detection and put a substantial burden on the destination network for policing attack packets. In this paper, we propose Source Address Validation Implementation (SAVI) that can mitigate the level of IP spoofing on the Internet. A key feature of our scheme is that it does not require global routing information. SAVIs are constructed from the information implicit in Border Gateway Protocol (BGP) route updates and are deployed in network border routers. We establish the conditions under which the SAVI correctly works in that it does not discard packets with valid source addresses. Based on extensive simulation studies, we show that, even with partial deployment on the Internet, SAVIs can proactively limit the spoofing capability of attackers. In addition, they can help localize the origin of an attack packet to a small number of candidate networks.

免责声明: 此摘要通过人工智能工具翻译,尚未经过审核或验证

索引于

学术钥匙
研究圣经
引用因子
宇宙IF
参考搜索
哈姆达大学
世界科学期刊目录
学者指导
国际创新期刊影响因子(IIJIF)
国际组织研究所 (I2OR)
宇宙

查看更多