Network traffic regulation including consistency based detection and filtering of packets with spoof source addresses
作者: David J. Wetherall , Thomas E. Anderson , Stefan R. Savage
DOI:
关键词: Traffic regulation 、 Filter (signal processing) 、 T distribution 、 Range (statistics) 、 Consistency (database systems) 、 Spatial consistency 、 Computer science 、 Routing (electronic design automation) 、 Data mining 、 Network packet
摘要: A director is provided to receive source address instances of packets routed through routing devices a network. The determines whether any the reported are be deemed as spoof instances. further where filtering actions deployed filter out having certain addresses makes its determinations based at least in part on selected one number consistency measures. measures may include but not limited spatial consistency, destination migration and temporary consistency. evaluated using spatial, range, timing S/D/M/T distribution profiles addresses. In some embodiments, view reference profiles, which an exemplary profile typical non-spoof or historical address.
lens.org 参考文章(7)
Derk Norton, David L. Wood, Michael B. Dilger, Yunas Nadiadi, Thomas Pratt, Security architecture with environment sensitive credential sufficiency evaluation ,(1999)
Anthony D. Amicangioli, David J. Yates, Ray Y. Chow, Message redirector with cut-through switch for highly reliable and efficient network traffic processor deployment ,(1998)
John W. Garrett, Kadangode K. Ramakrishnan, Han Q. Nguyen, Charles R. Kalmanek, Service selection in a shared access network using dynamic host configuration protocol ,(2001)
Massimiliano Antonia Poletto, Edward W. Kohler, Thwarting source address spoofing-based denial of service attacks ,(2001)
Marinus Frans Kaashoek, Massimiliano Antonio Poletto, Edward W. Kohler, Architecture to thwart denial of service attacks ,(2002)
John Applegate, Jeff Romatoski, System and method for redirecting network traffic to provide secure communication ,(1998)
Barrie O. Morgan, Random digital code generator ,(1976)