A Reproducibility Study of IP Spoofing Detection in Inter-Domain - PowerPoint PPT Presentation

Apr 05, 2024 •231 likes •326 views

A Reproducibility Study of IP Spoofing Detection in Inter-Domain Traffic Jasper Eumann, Raphael Hiesgen, Thomas C. Schmidt, Matthias Whlisch t.schmidt@haw-hamburg.de Spoofing Detection in Interdomain Traffic Starting Point: Our

A Reproducibility Study of “IP Spoofing Detection in Inter-Domain Traffic” Jasper Eumann, Raphael Hiesgen, Thomas C. Schmidt, Matthias Wählisch t.schmidt@haw-hamburg.de
Spoofing Detection in Interdomain Traffic Starting Point: Our objective: • Lichtblau, Streibelt, Krüger, Richter, Feldmann: • Build a software infrastructure that can Detection, Classification, and Analysis of Inter- scrub spoofed traffic at IXPs in real-time Domain Traffic with Spoofed Source IP • First: Reproduce results with a different Addresses, IMC 2017 team, different setup, data and times Claim: • Method to passively detect spoofed Our approach: packets in traffic exchanged between networks in the inter-domain Internet • Iterate methods and (provided) scripts at that minimizes false positives a large regional IXP Application domain: IXP • Extend the analysis with additional BGP data sets and dig into classified traffic • Measurements and Analyses preformed at a large European IXP
The IMC‘17 Approach Idea: If a valid packet leaves an AS, it must originate from the routable cone of the emitting AS, i.e., belongs to a prefix reachable through it Three approaches to identify these cones: • Naïve: A prefix P is in the cone of AS A, iff A appears on a BGP path for P • CAIDA customer cone: All prefixes of customer ASes • Full cone: Extends the naïve cone by assuming transitive relations between all neighboring ASes for all prefixes
Classification Traffic types • Regular • Bogon: Private or multicast source addresses • Unrouted: Source addresses from unannounced IP space • Invalid: Classified as spoofed
Time Series for Classified Traffic
Packet Properties IMC’17 sees 90 % of invalid UDP traffic to port 123 (NTP)
Looking Deeper in our Invalid Traffic
Summary • Results of IMC’17 could not be reproduced • Particular discrepancies for Full Cone approach • Traffic classified as invalid appears mainly unspoofed • Majority of traffic seems HTTP(s) or Quick – not NTP or DNS • False positive indicators dominate • Our impression: determination of cones not accurate enough • BGP visibility too low • Authors of IMC’17 manually added peerings after traffic inspection • Approach seems unsuitable for operational deployment

Download Presentation

Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A Reproducibility Study of IP Spoofing Detection in Inter-Domain Traffic Jasper Eumann

A Reproducibility Study of IP Spoofing Detection in Inter-Domain Traffic Jasper Eumann October 9, 2019 iNET RG, Hamburg University of Applied Sciences Overview IP Spoofing Mitigation in General Detection in Inter-Domain Traffic

778 views • 42 slides

Gen Gener eral In Inter eres ests: Secure Proximity / Distance Measurement GPS Spoofing and

Gen Gener eral In Inter eres ests: Secure Proximity / Distance Measurement GPS Spoofing and Spoofing Detec:on Usable Authen:ca:on (2FA) Security of Blockchains / Cryptocurrencies Trusted Compu:ng Secure Proximi mity / Distance Measureme

589 views • 30 slides

Recent trends in Interference Mitigation and Spoofing Detection ! Fabio Dovis ! Electronics Dept.,

Recent trends in Interference Mitigation and Spoofing Detection ! Fabio Dovis ! Electronics Dept., Politecnico di Torino, Italy ! !"#$%&''()*++,(-./0121,(3*4*54)*++( Outline ! GNSS vulnerabilities ! Classification of interfering

970 views • 50 slides

Discussion: Reproducibility and Cross-study Replicability of Prognostic Signatures from High

Discussion: Reproducibility and Cross-study Replicability of Prognostic Signatures from High Throughput Genomic Data Lee Dicker Rutgers University May 2, 2014 Rutgers Statistics Symposium Discussion: Reproducibility and Cross-study

371 views • 12 slides

IP Spoofing Detection Through Time to Live Header Analysis Final Talk BSc Informatics Arno Hilke

Chair for Network Architectures and Services Technische Universitt Mnchen IP Spoofing Detection Through Time to Live Header Analysis Final Talk BSc Informatics Arno Hilke Supervisor : Prof. Dr.-Ing. Georg Carle Advisors : Quirin Scheitle,

663 views • 16 slides

disclaimer: half-baked ideas IP spoofing is a well-known problem a key component of such

disclaimer: half-baked ideas IP spoofing is a well-known problem a key component of such DDoS attacks addressing spoofing attempts to eliminate spoofing, not adopted IETF BCPs 38-84, ISOC MANRS scrubbing centers (eg Akamai,

700 views • 19 slides

Haltermann Test & Reference Fuels Proposed CARB-III Repeatability and Reproducibility Study

Haltermann Test & Reference Fuels Proposed CARB-III Repeatability and Reproducibility Study Study Basis Fuel samples produced in lab under controlled conditions Manufacturing scale would present additional challenges 16

387 views • 3 slides

Inter-Arrival Curves for Multi-Mode and Online Anomaly Detection Mahmoud Salem, Mark Crowley,

Work-in-Progress Session Inter-Arrival Curves for Multi-Mode and Online Anomaly Detection Mahmoud Salem, Mark Crowley, and Sebastian Fischmeister 2 Inter-arrival Curves for Anomaly Detection [1] Inter-arrival curves make good features for

514 views • 8 slides

Reproducibility and Cross-study Replicability of Prognostic Signatures from High Throughput

Reproducibility and Cross-study Replicability of Prognostic Signatures from High Throughput Genomic Data giovanni parmigiani@dfci.harvard.edu 2014 Rutgers Statistics Symposium signatures and prognosis Sorlie PNAS 03 CuratedOvarianData

275 views • 24 slides

TRAINING INTER STATE STUDY TOUR TO NDRI KARNAL TRAINING INTER STATE STUDY TOUR TO

TRAINING INTER STATE STUDY TOUR TO NDRI KARNAL TRAINING INTER STATE STUDY TOUR TO JALGAON STUDY TOUR TO JAIPUR TRAINING WITHIN STATE TRANING AT KVK BAJAURA TRAINING WITHIN DISTRICT TRAINING AT TRAINING AT RICE AND WHEAT RESERCH

478 views • 24 slides

New NIH requirements regarding Rigor and Reproducibility

New NIH requirements regarding Rigor and Reproducibility http://grants.nih.gov/reproducibility/faqs.htm 1. The scientific premise of the proposed research 2. Rigorous experimental design for robust and unbiased results 3. Consideration of

333 views • 10 slides

The structure of European development Community detection in inter-industry and external

Introduction Methodology Community Detection Labour and Subsystems From IO to Countries From Trade to Commodities The structure of European development Community detection in inter-industry and external trade networks Nadia Garbellini

839 views • 65 slides

Computational Reproducibility in Production Physics Applications Numerical Reproducibility at

Slide 1 Computational Reproducibility in Production Physics Applications Numerical Reproducibility at Exascale Workshop Supercomputing 2015 November 20, 2015 Robert W. Robey Los Alamos National Laboratory LA-UR-15-28798 UNCLASSIFIED

115 views • 10 slides

Open data provenance and reproducibility: a case study from publishing CMS open data Tibor

Open data provenance and reproducibility: a case study from publishing CMS open data Tibor Simko 1 Heitor Pascoal de Bittencourt 2 Edgar Carrera 2 Clemens Lange 2 Kati Lassila-Perini 2 Lara Lloret 2 Tom McCauley 2 Jan Okraska 1 Daniel

391 views • 15 slides

Study on Winter Road Surface Friction Characteristics and Their Reproducibility Roberto TOKUNAGA 1

2016 International Conference & Workshop on Winter Maintenance and Surface Transportation Weather Study on Winter Road Surface Friction Characteristics and Their Reproducibility Roberto TOKUNAGA 1 , Akihiro FUJIMOTO 1 , Kenji SATO 1 , Naoto

189 views • 14 slides

Compressing Inverted Indexes with Recursive Graph Bisection: A Reproducibility Study Joel

Compressing Inverted Indexes with Recursive Graph Bisection: A Reproducibility Study Joel Mackenzie 1 Antonio Mallia 2 Mathias Petri 3 J. Shane Culpepper 1 Torsten Suel 2 1 RMIT University, Melbourne, Australia 2 New York University, New York, USA

1.07k views • 61 slides

Jet cone sizes : Standardize between ATLAS and CMS? N. Saoulidou, University of Athens, Greece

Jet cone sizes : Standardize between ATLAS and CMS? N. Saoulidou, University of Athens, Greece & S.Lee, Texas Tech. University, USA N. Saoulidou, S. Lee 1 Common cone sizes Everyone agrees that it would be nice to have common jet cone

106 views • 7 slides

Tra racking Hyper Bo cking Hyper Boosted sted Top Q p Qua uarks @ 100 T rks @ 100 TeV eV

Tra racking Hyper Bo cking Hyper Boosted sted Top Q p Qua uarks @ 100 T rks @ 100 TeV eV Michel Mi chele Sel e Selva vaggi ggi (CP3) (CP3) An Andr drew w Lar Larko koski ski (MIT), Fabi abio Mal altoni (CP CP3) Flavo vor

623 views • 31 slides

Orbi Mapping Spaces Dorette Pronk (with Vesta Coufal, Carmen Rovi, Laura Scull, Courtney

Orbi Mapping Spaces Dorette Pronk (with Vesta Coufal, Carmen Rovi, Laura Scull, Courtney Thatcher) Dalhousie University Union College, October 19, 2013 Outline Orbispaces Orbigroupoids Groupoid Maps Morita Equivalence Orbimaps Orbi

1.32k views • 52 slides

What is the Euler characteristic of moduli space ? Compactified moduli space ? n 3 4

Illustration The Gauss-Bonnet theorem for cone manifolds F and volumes of moduli spaces Curtis McMullen Avg of |F | 2 in the hyperbolic metric? Holomorphic Galois conjugation Answer: 1/3 Kappes--Mller (2012) Thurston

443 views • 5 slides

tts strt s tr

tts strt s tr t rst tr Prt

535 views • 24 slides

$c*,nr+-T)1,.^ ,a,],;.) \ Nsr'pLh,. c-^-a- 5(n) = Aj \anet.({) lo yI}ii,;:", J atwa(r) = 4$

c*,nr+-T)1,.^ ,a,],;.) \ Nsr'pLh,. c-^-a- 5(n) = Aj \anet.({) lo yI}ii,;:", J atwa(r) = 4

It^ fu.".11" t*:'- E Yu, G.n*-l^i' \vriv . Bo-nne-s - crvRs ,. I).1^ {"- J,l. ra y.\X n'oo'lcr (yver.4-...n* lror@ uo,-ren,.'l f) l* _ \ I f'^t '\ Rl"'-i) )oL^ {^.-U th) G cennLck f* -/ c*,nr+-T)1,.^ ,a,],;.) \ Nsr'pLh,.

634 views • 9 slides

Class 42: Free symmetric top Class 42: Free symmetric top Free symmetric top in body frame Assume

Class 42: Free symmetric top Class 42: Free symmetric top Free symmetric top in body frame Assume = = (symmetric) and no external torque acting on the top: Assume 1 = 2 = (symmetric) and no external torque acting on the top:

63 views • 3 slides

MATH529 Fundamentals of Optimization Fundamentals of Constrained Optimization IV Marco A.

MATH529 Fundamentals of Optimization Fundamentals of Constrained Optimization IV Marco A. Montes de Oca Mathematical Sciences, University of Delaware, USA 1 / 26 Example maximize x + y 2 subject to: x y = 5 x 2 + 9 y 2 25 2 / 26

573 views • 26 slides