Student: Lucas Fernando Müller
Advisor: Prof. Dr. Antonio Marinho Pilla Barcellos
Title: Improving Internet Infrastructure Security by Uncovering Spoofed Traffic in Inter-Domain Level Through the Lens of IXPs
Research Area: Computer Networks
Location: Building 43412 – Room 218, Instituto de Informática
– Prof. Dr. Jéferson Campos Nobre (UNISINOS)
– Prof. Dr. Lisandro Zambenedetti Granville (UFRGS)
– Prof. Dr. Renata Cruz Teixeira (INRIA Paris – by videoconference)
Committee Chair: Prof. Dr. Antonio Marinho Pilla Barcellos
Abstract: Identifying networks that leak spoofed packets is operationally challenging at Internet scale. The most definitive method to detect lack of source address validation (SAV) requires an active probing vantage point in each network being tested, limiting its feasibility for comprehensive assessment of Internet spoofing. A comprehensive assessment requires the ability to infer lack of SAV compliance from large, heavily aggregated Internet traffic data, such as traffic observable at Internet Exchange Points (IXPs). However, doing so requires knowledge of the IXP topology, and the creation and maintenance of a list of valid source addresses, per AS, which specifies exactly which source addresses should legitimately appear in packets at the observation point in a given time window, as well as the direction of those packets. This thesis proposes a new methodology to accurately classify spoofed traffic at the inter-domain level using heavily aggregated Internet traffic data. In particular, we expose the complexity underlying BGP-based SAV inference. We propose what we believe is a more realistic methodology than the state of the art, and preliminarily evaluate it on data from an IXP in Brazil, including cross-checking our inferences with reports from the IXP and its members. The proposal provides new data that can improve the understanding of spoofed traffic prevalence and, if used by ASes connected to IXPs, can help increase the resilience of the Internet infrastructure to reflection, flooding, and anonymity attacks.
Keywords: Stability, spoofing, security, customer cone, inter-domain routing.
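
The per-AS, per-time-window valid source list described in the abstract can be pictured with the following simplified sketch, which is an added example and not the thesis's methodology or code. The prefixes, AS numbers, time windows and class labels are constructed assumptions; the real valid lists would be derived from BGP data and the IXP topology.

```python
import ipaddress

# Abbreviated, constructed bogon list (assumption; real lists are longer).
BOGONS = [ipaddress.ip_network(p) for p in
          ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample: VALID[(window, member_asn)] = prefixes that may appear
# as source addresses in packets that member sends into the IXP fabric.
# Documentation prefixes and ASNs stand in for real routed space.
VALID = {
    ("2019-05-01T00", 64501): ["198.51.100.0/24", "203.0.113.0/25"],
    ("2019-05-01T00", 64502): ["192.0.2.0/24"],
    ("2019-05-01T01", 64502): ["192.0.2.0/24", "203.0.113.128/25"],
}

def _nets(window, asn):
    return [ipaddress.ip_network(p) for p in VALID.get((window, asn), [])]

def classify(window, member_asn, src):
    """Label one flow by the member that sent it into the IXP and its window."""
    addr = ipaddress.ip_address(src)
    if any(addr in n for n in BOGONS):
        return "bogon"
    if (window, member_asn) not in VALID:
        return "unknown"          # no valid list for this member and window
    if any(addr in n for n in _nets(window, member_asn)):
        return "valid"
    # Valid for another member in the same window: wrong direction.
    others = [a for (w, a) in VALID if w == window and a != member_asn]
    if any(addr in n for a in others for n in _nets(window, a)):
        return "out-of-cone"
    return "unlisted"             # in no member's list for this window

# Constructed flow records: (window, sending member ASN, source address).
FLOWS = [
    ("2019-05-01T00", 64501, "198.51.100.7"),
    ("2019-05-01T00", 64502, "198.51.100.7"),
    ("2019-05-01T00", 64502, "203.0.113.200"),
    ("2019-05-01T01", 64502, "203.0.113.200"),
    ("2019-05-01T00", 64501, "10.1.2.3"),
    ("2019-05-01T01", 64501, "198.51.100.7"),
]

def classify_all(flows):
    return [classify(*f) for f in flows]

if __name__ == "__main__":
    for flow, label in zip(FLOWS, classify_all(FLOWS)):
        print(*flow, label)
```

The same source address is labelled differently depending on which member sent it and in which window, which is why a stale or direction-agnostic list produces both false positives and missed spoofing.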