Honeypot back-propagation for mitigating spoofing distributed Denial-of-Service attacks
Journal of Parallel and Distributed Computing - Special issue: Security in grid and distributed systems
HoneySpam: honeypots fighting spam at the source
SRUTI'05 Proceedings of the Steps to Reducing Unwanted Traffic on the Internet on Steps to Reducing Unwanted Traffic on the Internet Workshop
Tracking the role of adversaries in measuring unwanted traffic
SRUTI'06 Proceedings of the 2nd conference on Steps to Reducing Unwanted Traffic on the Internet - Volume 2
HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
Evaluating the partial deployment of an AS-level IP traceback system
Proceedings of the 2008 ACM symposium on Applied computing
Honeypot back-propagation for mitigating spoofing distributed denial-of-service attacks
IPDPS'06 Proceedings of the 20th international conference on Parallel and distributed processing
Hi-index | 0.00 |
Honeypots have been traditionally used to advertise dark address space and gather information about originators of traffic to such addresses. With simple thresholding mechanisms this technique has shown itself to be fairly effective in identifying suspicious IP addresses. Honeypots are however unsuitable to locate the precise entry point of unwanted traffic. Tracing back to the origination of such traffic is hard due to the delay and difficulty of maintaining state along the path of such traffic. We propose a novel mobile honeypot mechanism that allows unwanted traffic to be detected significantly closer to the origin. The mobility in our scheme stems from additional information that is made available to the upstream ASes as well as the changes in the set of dark address space advertised. Sharing information with a network of friendly ASes has the potential to identify and significantly lower unwanted traffic on such links.