Skip to main content
Conference ProceedingsOPEN ACCESS

Detecting IP spoofing by modelling history of IP address entry points

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2013) 7943 LNCS 73-83
DOI: 10.1007/978-3-642-38998-6_9
2Citations
Citations of this article
9Readers
Mendeley users who have this article in their library.

This article is free to access.

Abstract

Since a lot of the networks do not apply source IP filtering to its outgoing traffic, an attacker may insert an arbitrary source IP address in an outgoing packet, i.e., IP address spoofing. This paper elaborates on a possibility to detect the spoofing in a large network peering with other networks. A proposed detection scheme is based on an analysis of NetFlow data collected at the entry points in the network. The scheme assumes that the network traffic originating from a certain source network enters the network under surveillance via a relatively stable set of points. The scheme has been tested on data from the real network. © 2013 IFIP International Federation for Information Processing.

Cite

CITATION STYLE

APA

Kováčik, M., Kajan, M., & Žádník, M. (2013). Detecting IP spoofing by modelling history of IP address entry points. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 7943 LNCS, pp. 73–83). https://doi.org/10.1007/978-3-642-38998-6_9

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free