Abstract
In this paper, we propose an abnormal IP address detection scheme, which is capable of detecting IP spoofing and network scan attacks. Our scheme learns active host information such as incoming interface number, whether or not working as Web server, whether or not working as DNS server, and etc., by collecting and verifying flow information on networks. By using active host information learned, we can check if IP address is normal or abnormal. Through simulation, the performance of the proposed scheme is evaluated. The simulation results show that our scheme is able to detect source IP spoofing attacks that forge using the IP address of subnet that attacker belongs to as well as using the external IP address. And also, they show that our scheme is able to detect network scan attacks with low false alarm rate.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
