Optimal source-based filtering of malicious traffic

Authors:
Fabio Soldo;Katerina Argyraki;Athina Markopoulou
Affiliations:
Department of Electrical Engineering and Computer Science, University of California, Irvine, Irvine, CA;School of Computer Science and Communication Sciences, École Polytechnique Fédédrale de Lausanne, Switzerland;Department of Electrical Engineering and Computer Science, University of California, Irvine, Irvine, CA
Venue:
IEEE/ACM Transactions on Networking (TON)
Year:
2012

Citing 18
Cited 0

Controlling high bandwidth aggregates in the network

ACM SIGCOMM Computer Communication Review
An Efficient k-Means Clustering Algorithm: Analysis and Implementation

IEEE Transactions on Pattern Analysis and Machine Intelligence
Observed structure of addresses in IP traffic

Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Automatically inferring patterns of resource consumption in network traffic

Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Convex Optimization

Convex Optimization
Diamond in the rough: finding Hierarchical Heavy Hitters in multi-dimensional data

SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
Online identification of hierarchical heavy hitters: algorithms, evaluation, and applications

Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Understanding the network-level behavior of spammers

Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Analyzing large DDoS attacks using multiple data sources

Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense
Solving multidimensional knapsack problems with generalized upper bound constraints using critical event tabu search

Computers and Operations Research
Network Algorithmics,: An Interdisciplinary Approach to Designing Fast Networked Devices (The Morgan Kaufmann Series in Networking)

Network Algorithmics,: An Interdisciplinary Approach to Designing Fast Networked Devices (The Morgan Kaufmann Series in Networking)
How dynamic are IP addresses?

Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
Using uncleanliness to predict future botnet addresses

Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
Exploiting network structure for proactive spam mitigation

SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
To filter or to authorize: network-layer DoS defense against multimillion-node botnets

Proceedings of the ACM SIGCOMM 2008 conference on Data communication
Highly predictive blacklisting

SS'08 Proceedings of the 17th conference on Security symposium
Scalable network-layer defense against internet bandwidth-flooding attacks

IEEE/ACM Transactions on Networking (TON)
Survey of clustering algorithms

IEEE Transactions on Neural Networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we consider the problem of blocking malicious traffic on the Internet via source-based filtering. In particular, we consider filtering via access control lists (ACLs): These are already available at the routers today, but are a scarce resource because they are stored in the expensive ternary content addressable memory (TCAM). Aggregation (by filtering source prefixes instead of individual IP addresses) helps reduce the number of filters, but comes also at the cost of blocking legitimate traffic originating from the filtered prefixes. We show how to optimally choose which source prefixes to filter for a variety of realistic attack scenarios and operators' policies. In each scenario, we design optimal, yet computationally efficient, algorithms. Using logs from Dshield.org, we evaluate the algorithms and demonstrate that they bring significant benefit in practice.