Peter Reiher UCLA

CT-ISG: Collaborative Research: Enabling Routers to Detect and Filter Spoofed Traffic

IP spoofing exacerbates many security threats. If spoofing were eliminated or sufficiently reduced, defenses against DDoS, distributed scanning and intrusions would be much simpler and more effective. Of particular interest are spoofing defenses that are both practical (cheap to deploy and operate) and effective (providing significant benefit in sparse deployment). This project develops two such defense mechanisms: (1) Clouseau, which enables routers on asymmetric paths to accurately infer associations between the route descriptor and the source address. It will support multiple associations (in case of multipath routing) and will promptly update associations when routes change. Clouseau will be integrated with two very effective spoofing defenses, route-based filtering (RBF) and hop-count filtering (HCF), and will protect deploying networks from spoofed traffic. (2) RAD, which helps networks protect themselves from reflector attacks.

Clouseau and RAD will operate completely autonomously. Deployment of Clouseau at as few as 50 chosen Internet autonomous systems, together with RBF or HCF, will reduce the amount of spoofed traffic on the Internet to less than 3%. In isolated deployment, Clouseau with RBF or HCF will reduce spoofed traffic received by the deploying network to less than 3%. The RAD system will offer significant protection from reflector attacks in isolated deployment and almost perfect protection when RAD is deployed in the Internet core.

This research is leading to a significant reduction of spoofed traffic in the Internet. All code will be released to the public, and graduate and undergraduate students will receive valuable training from participation in this project.

Agency: National Science Foundation (NSF)
Institute: Division of Computer and Network Systems (CNS)
Application #: 0716829
Program Officer: Carl Landwehr
Budget Start: 2007-08-01
Budget End: 2010-07-31
Fiscal Year: 2007
Total Cost: $205,000
Name: University of California Los Angeles
City: Los Angeles
State: CA
Country: United States
Zip Code: 90095