The optimal deployment of filters to limit forged address attacks in communication networks

Abstract

We consider forged address attacks in communication networks, wherein an attacking node forges the address of communication requests sent to a victim node. Unless the victim can ascertain the origin of the attack, it must cease to respond to communication requests until the attack subsides. We examine the problem of identifying a minimum cardinality subset of nodes on a network, such that placing route-based filters on these nodes provides a prescribed level of security. We model the problem as an integer program and illustrate its performance on randomly generated networks. Next, we develop a greedy heuristic to deploy filters in these networks, and compare its solution quality to that of the integer programming approach. These findings are then used to motivate both the importance of addressing this problem by optimal techniques and to motivate future research approaches for solving such problems. © Springer-Verlag Berlin Heidelberg 2004.