Optimal Source-Based Filtering of Malicious Traffic

Details Optimal Source-Based Filtering of Malicious Traffic Optimal Source-Based Filtering of Malicious Traffic

2010-06-07

arxiv.org/abs/1006.1165v1

Computer Science

Networking and Internet Architecture

Conference version appeared in Infocom 2009. Journal version submitted to ToN

Scientific paper

In this paper, we consider the problem of blocking malicious traffic on the Internet, via source-based filtering. In particular, we consider filtering via access control lists (ACLs): these are already available at the routers today but are a scarce resource because they are stored in the expensive ternary content addressable memory (TCAM). Aggregation (by filtering source prefixes instead of individual IP addresses) helps reduce the number of filters, but comes also at the cost of blocking legitimate traffic originating from the filtered prefixes. We show how to optimally choose which source prefixes to filter, for a variety of realistic attack scenarios and operators' policies. In each scenario, we design optimal, yet computationally efficient, algorithms. Using logs from Dshield.org, we evaluate the algorithms and demonstrate that they bring significant benefit in practice.

Affiliated with

Also associated with

No associations

Rating

Optimal Source-Based Filtering of Malicious Traffic does not yet have a rating. At this time, there are no reviews or comments for this scientific paper.

If you have personal experience with Optimal Source-Based Filtering of Malicious Traffic, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Optimal Source-Based Filtering of Malicious Traffic will most certainly appreciate the feedback.

Rate now

Comments { 0 }

Profile ID: LFWR-SCP-O-366378