Enhancing List-Based Packet Filter Using IP Verification Mechanism against IP Spoofing Attack in Network Intrusion Detection

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 7645)

Abstract

Signature-based network intrusion detection systems (NIDSs) have become an essential part of current network security infrastructure for identifying many kinds of network attacks. However, signature matching is a major performance burden for these systems: the cost of matching is at least linear in the length of the input string. To mitigate this problem, we previously developed a context-aware packet filter that uses a blacklist to filter out network packets before they reach a signature-based NIDS, with good results. The effect of a whitelist, however, was not explored in that work. In this paper we therefore develop a list-based packet filter that combines a whitelist with the blacklist-based packet filter under specific conditions, and investigate the effect of the whitelist on packet filtration. To protect both the blacklist and the whitelist against IP spoofing attacks, we employ an IP verification mechanism. We implemented the list-based packet filter in a network environment and evaluated it with two distinct datasets. The experimental results show that, when deployed together with the IP verification mechanism, the whitelist can improve packet filtration without lowering network security.
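The abstract describes three pieces that fit together: a blacklist that drops packets before signature matching, a whitelist that lets packets bypass matching, and an IP verification step that stops a spoofed source address from abusing either list. The following is an added example written for this page; it is not the authors' implementation, and the paper's own IP verification mechanism is not described in the abstract above. As a stand-in, the example verifies a source with hop-count filtering (comparing the hop count inferred from the packet's TTL against a value learned earlier for that address), which is an assumption about the mechanism, not a claim about the paper. The signature patterns, IP addresses, hop table, alert threshold and traffic are all constructed for the demonstration.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    ttl: int        # IP TTL as seen at the sensor
    payload: bytes


# Constructed stand-in signatures (hypothetical patterns, not rules from any real ruleset).
SIGNATURES = {
    "dir-traversal": re.compile(rb"\.\./\.\./"),
    "cmd-exec": re.compile(rb"cmd\.exe"),
}

# Initial TTLs that common OS stacks use; hop-count filtering infers the sender's
# initial TTL as the smallest of these that is >= the observed TTL.
INITIAL_TTLS = (32, 64, 128, 255)


def hop_count(observed_ttl: int) -> int:
    """Hops travelled, inferred from the observed TTL (hop-count filtering)."""
    for initial in INITIAL_TTLS:
        if observed_ttl <= initial:
            return initial - observed_ttl
    raise ValueError(f"TTL {observed_ttl} exceeds 255")


def signature_match(payload: bytes) -> list[str]:
    """Full signature scan: its cost grows with len(payload); this is the work the lists avoid."""
    return [name for name, rx in SIGNATURES.items() if rx.search(payload)]


class ListBasedFilter:
    """Blacklist/whitelist pre-filter whose list decisions are gated by IP verification."""

    def __init__(self, hop_table: dict[str, int], whitelist=(), blacklist=(), threshold: int = 3):
        self.hop_table = dict(hop_table)    # src_ip -> hop count learned during a trusted period (assumed)
        self.whitelist = set(whitelist)
        self.blacklist = set(blacklist)
        self.threshold = threshold          # verified alerts before a source is blacklisted (assumed policy)
        self.alert_counts: Counter[str] = Counter()
        self.scanned_bytes = 0              # bytes handed to the signature engine

    def verify_source(self, pkt: Packet) -> bool:
        """Source is accepted only if its hop count matches the learned value."""
        expected = self.hop_table.get(pkt.src_ip)
        return expected is not None and hop_count(pkt.ttl) == expected

    def process(self, pkt: Packet) -> str:
        verified = self.verify_source(pkt)
        if pkt.src_ip in self.blacklist:
            return "drop"
        if pkt.src_ip in self.whitelist and verified:
            return "bypass"         # skip matching only for a verified whitelisted source
        # Unverified or unlisted traffic gets the full (linear-cost) signature scan.
        self.scanned_bytes += len(pkt.payload)
        if signature_match(pkt.payload):
            # Only a verified source accumulates towards the blacklist, so spoofed
            # packets cannot get a legitimate host blacklisted.
            if verified:
                self.alert_counts[pkt.src_ip] += 1
                if self.alert_counts[pkt.src_ip] >= self.threshold:
                    self.blacklist.add(pkt.src_ip)
            return "alert"
        return "pass"


def run_demo() -> dict:
    """Constructed traffic: a trusted host, an attacker, and the attacker spoofing the trusted host."""
    f = ListBasedFilter(hop_table={"10.0.0.5": 3, "198.51.100.7": 10}, whitelist=["10.0.0.5"])
    trusted = Packet("10.0.0.5", ttl=61, payload=b"GET /index.html")          # 64 - 3 hops
    spoofed = Packet("10.0.0.5", ttl=118, payload=b"GET /../../etc/passwd")   # 128 - 10 hops
    hostile = Packet("198.51.100.7", ttl=118, payload=b"GET /cmd.exe?/c+dir")
    return {
        "trusted": f.process(trusted),
        "spoofed": f.process(spoofed),
        "hostile": [f.process(hostile) for _ in range(4)],
        "blacklist": sorted(f.blacklist),
        "trusted_poisoned": "10.0.0.5" in f.blacklist,
        "scanned_bytes": f.scanned_bytes,
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Running the demo shows the two failure modes verification guards against: the packet that spoofs the whitelisted host fails the hop-count check and is sent to the signature engine instead of bypassing it, and its alert does not count towards blacklisting the host it impersonates, while the attacker's own address is blacklisted after three verified alerts and dropped thereafter. Dropping a blacklisted packet needs no verification, since a spoofed packet that claims a blacklisted source carries no legitimate traffic either. The caveat of the stand-in check is that hop-count filtering only distinguishes a spoofer whose path length to the sensor differs from the real host's, so an attacker at the same hop distance, or one who guesses it, passes; whatever verification the paper uses, the property to confirm is that list membership and list bypass are both conditioned on it.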



Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Meng, Y., Kwok, Lf. (2012). Enhancing List-Based Packet Filter Using IP Verification Mechanism against IP Spoofing Attack in Network Intrusion Detection. In: Xu, L., Bertino, E., Mu, Y. (eds) Network and System Security. NSS 2012. Lecture Notes in Computer Science, vol 7645. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34601-9_1

  • DOI: https://doi.org/10.1007/978-3-642-34601-9_1

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-34600-2

  • Online ISBN: 978-3-642-34601-9

  • eBook Packages: Computer Science (R0)
