Title of invention: Method, apparatus and program for detecting spoofed network traffic
Abstract: A method, an apparatus and a program for detecting spoofed Internet Protocol (IP) traffic directed to a network having a plurality of autonomous systems (AS) is provided. The method comprises receiving an incoming packet through an AS, the incoming packet containing a source IP address and a destination IP address, acquiring a corresponding source and destination IP address prefixes, converting the corresponding source and destination IP address prefixes into a source AS number and a destination AS number, determining if the incoming packet arrived from an unexpected source based upon the corresponding destination IP address prefix and the converted source and destination AS number using an unexpected pair tuple table generated from network routing information and generating an alert indicating that the incoming packet is not allowed to enter the network.
Publication number: US8925079(B2) Publication date: 2014.12.30
Application number: US201113295553 Filing date: 2011.11.14
Applicant: Telcordia Technologies, Inc.;KDDI Corporation Inventor: Vaidyanathan Ravichander;Ghosh Abhrajit;Naidu Aditya;Yamada Akira;Kubota Ayumu;Sawaya Yukiko;Miyake Yutaka
Classification: G06F11/00;G06F12/14;G06F12/16;G08B23/00;G06F15/173 Main classification: G06F11/00
Agency: Agent:
Main claim: 1. A method of detecting spoofed Internet Protocol (IP) traffic directed to a network having a plurality of autonomous systems (AS), comprising: said network: receiving an incoming packet through an AS, the incoming packet containing a source IP address and a destination IP address; acquiring a corresponding source and destination IP address prefixes from the source IP address and destination IP address, respectively; converting the corresponding source and destination IP address prefixes into a source AS number and a destination AS number; determining if the incoming packet arrived from an unexpected source based upon the corresponding destination IP address prefix and the converted source and destination AS number using an unexpected pair tuple table generated from network routing information; generating an alert indicating that the incoming packet is not allowed to enter the network; generating the unexpected pair tuple table; generating a list of all paths for each available IP prefix that do not traverse through a protected AS, each AS having a plurality of available IP prefixes, each available IP prefix defining a path; creating pairs of ASes along each path, each pair including an AS number for a destination AS and a source AS number for a source AS, the destination AS is a potential destination for traffic and the source AS is a potential source for traffic; appending a corresponding IP prefix from the destination AS to the source AS number and the destination AS number creating a preliminary unexpected tuple; generating a list of expected paths through the protected AS for each available IP prefix each AS having a plurality of available IP prefixes, each available IP prefix defining a path; creating pairs of ASes along each path, each pair including an AS number for a destination AS and a source AS number for a source AS, the destination AS is a potential destination for traffic and the source AS is a potential source for traffic; appending a corresponding IP prefix from the destination AS, to the source AS number and the destination number, creating an expected tuple; comparing the expected tuple with the preliminary unexpected tuple; and removing the expected tuple from the preliminary unexpected tuple based upon the comparison, wherein remaining entries in the preliminary unexpected tuple are stored in the unexpected pair tuple.
Address: Piscataway NJ US
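
The table construction and lookup described in the main claim, as an added Python example that is not part of the patent record or the applicants' implementation. The AS numbers, prefixes, paths and function names are constructed for illustration, and pairing every earlier AS on a path with the path's last AS is one assumed reading of "creating pairs of ASes along each path".

```python
import ipaddress

# Constructed sample data: documentation AS numbers and prefixes (assumptions).
PROTECTED_AS = 64500
PREFIX_ORIGIN = {"192.0.2.0/24": 64501, "198.51.100.0/24": 64502,
                 "203.0.113.0/24": 64503}
# AS paths toward each prefix from routing information: source side first,
# the AS that originates the prefix last.
PATHS = {
    "192.0.2.0/24": [[64502, 64500, 64501], [64502, 64510, 64501],
                     [64503, 64510, 64501]],
    "198.51.100.0/24": [[64501, 64500, 64502], [64503, 64502]],
    "203.0.113.0/24": [[64501, 64510, 64503], [64502, 64503]],
}

def path_tuples(paths, prefix):
    """Assumed pairing: every earlier AS on a path is a source AS, the last AS
    is the destination AS; the destination's prefix is appended."""
    return {(src, path[-1], prefix) for path in paths for src in path[:-1]}

def build_unexpected_table(paths_by_prefix, protected_as):
    preliminary, expected = set(), set()
    for prefix, paths in paths_by_prefix.items():
        # Paths that avoid the protected AS give preliminary unexpected tuples.
        preliminary |= path_tuples([p for p in paths if protected_as not in p], prefix)
        # Paths through the protected AS give expected tuples.
        expected |= path_tuples([p for p in paths if protected_as in p], prefix)
    # Remove every expected tuple; what remains is the unexpected pair tuple table.
    return preliminary - expected

def lookup(ip):
    """Longest-prefix match: IP address -> (prefix, AS number), or (None, None)."""
    addr = ipaddress.ip_address(ip)
    nets = [ipaddress.ip_network(p) for p in PREFIX_ORIGIN]
    hits = [n for n in nets if addr in n]
    if not hits:
        return None, None
    best = str(max(hits, key=lambda n: n.prefixlen))
    return best, PREFIX_ORIGIN[best]

def is_unexpected(src_ip, dst_ip, table):
    """True when a packet seen at the protected AS matches an unexpected tuple."""
    _, src_as = lookup(src_ip)
    dst_prefix, dst_as = lookup(dst_ip)
    return (src_as, dst_as, dst_prefix) in table

if __name__ == "__main__":
    table = build_unexpected_table(PATHS, PROTECTED_AS)
    for src, dst in [("203.0.113.7", "192.0.2.10"), ("198.51.100.5", "192.0.2.10")]:
        verdict = "ALERT" if is_unexpected(src, dst, table) else "ok"
        print(f"{src} -> {dst}: {verdict}")
```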