Jasper Eumann: IP Spoofing Detection in Inter-Domain Traffic

A Reproducibility Study of "IP Spoofing Detection in Inter-Domain Traffic''
  • When Oct 09, 2019 from 03:00 PM to 04:00 PM (CET / UTC200)
  • Where R 4.60
  • Contact Name
  • Add event to calendar iCal

IP spoofing enables reflection and amplification attacks, which cause major threats to the current Internet infrastructure. Detecting IP packets with incorrect source addresses would help to improve the situation. This is easy at the attacker's network, but very challenging at Internet eXchange Points (IXPs) or in transit networks.
In this reproducibility study, we revisit the paper Detection, Classification, and Analysis of Inter-Domain Traffic with Spoofed Source IP Addresses published at ACM IMC 2017.
Using data from a different IXP and from a different time,  we found that the manual component of the methodology (i) represents the major challenge in terms of repeatability, and has (ii) a significant effect on the results; this highlights challenges in deploying approaches based on current methods in an automated fashion.