- Transport-Layer Abusive Traffic Detection and Mitigation
Summary: Abusive traffic abounds on the Internet, often originating from "botnets,"
distributed collections of compromised hosts under common control. We are
investigating a unique approach to detecting bots, botnet infrastructure, and
mitigating abusive traffic via transport-level (i.e. TCP) traffic signal
analysis. Our key insight is that local botnet behavior manifests remotely as
a discriminative signal. Rather than relying on content signatures or
reputation measures, we exploit botnets' basic requirement to source large
amounts of data, be it attacks, scam-hosting, spam, or other yet-to-be-imagined
malicious traffic. By using statistical traffic signal characterization
methods, we can provide a difficult-to-subvert discriminator. This IP and
content agnostic approach is privacy preserving, permitting deployment within
the network core and offering the possibility to stanch malicious traffic
before it saturates access links.
More info:
http://www.cmand.org/tta/
- High-Frequency Active Internet Topology Mapping
Summary:
Current large-scale topology mapping systems require multiple days to
characterize the Internet due to the large amount of
probing traffic they incur. The accuracy of maps from existing
systems is unknown, yet empirical evidence suggests that additional
fine-grained probing exposes hidden links and temporal dynamics.
Through longitudinal analysis of data from the Archipelago and iPlane
systems, in conjunction with our own active probing, we examine how to
shorten Internet topology mapping cycle time. In particular, this
work develops discriminatory primitives that maximize topological
fidelity while being efficient.
More info:
http://www.rbeverly.net/research/papers/direct-imc10.html
- Understanding the Efficacy of IP Source Address Validation
Summary:
IP source address forgery, or "spoofing," is a long-recognized consequence of
the Internet's lack of packet-level authenticity. Despite historical precedent
and filtering and tracing efforts, attackers continue to utilize spoofing for
anonymity, indirection, and amplification. Using a distributed infrastructure
and active measurement, we collect data on the prevalence and efficacy of
current best-practice source address validation techniques. We uncover
significant differences in filtering depending upon network geographic region,
type, and size. We provide initial longitudinal results on the evolution of
spoofing, revealing no mitigation improvement over four years of measurement.
Our analysis provides an empirical basis for evaluating incentive and
coordination issues surrounding existing and future Internet packet
authentication strategies.
More info:
http://spoofer.csail.mit.edu/index.php