Article

Reducing unwanted traffic in a backbone network

Authors:

Supratik BhattacharyyaAuthors Info & Claims

SRUTI'05: Proceedings of the Steps to Reducing Unwanted Traffic on the Internet on Steps to Reducing Unwanted Traffic on the Internet Workshop

Page 2

Published: 07 July 2005 Publication History

Publisher Site

Abstract

This paper studies the techniques a backbone ISP can employ to reduce unwanted traffic on its network. For this purpose, we extract likely sources of exploit (thus unwanted) traffic from packet traces collected on backbone links using an Internet traffic behavior profiling methodology we developed earlier. We first study the characteristics of exploit traffic from several aspects, such as network origins and severity. Based on these characteristics, we propose several heuristic rules that an ISP may pursue for reducing unwanted traffic, and evaluate their cost and performance. Using packet traces collected from backbone links, we demonstrate that simple blocking strategies could potentially reduce substantial exploit traffic in a backbone network.

References

[1]

{1} V. Yegneswaran, P. Barford and J. Ullrich, "Internet intrusions: global characteristics and prevalence," in Proc. of ACM SIGMETRICS, 2003.]]

Crossref

Google Scholar

[2]

{2} R. Pang, V. Yegneswaran, P. Barford, V. Paxson and L. Peterson, "Characteristics of Internet Background Radiation," in Proc. of ACM SIGCOMM Internet Measurement Conference, 2004.]]

Crossref

Google Scholar

[3]

{3} K. Xu, Z.-L. Zhang and S. Bhattacharyya, "Profiling Internet Backbone Traffic: Behavior Models and Applications," in Proc. of ACM SIGCOMM, August 2005.]]

Crossref

Google Scholar

[4]

{4} D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford and N. Weaver, "Inside the Slammer Worm," IEEE Security and Privacy, July 2003.]]

Crossref

Google Scholar

[5]

{5} K. Xu, Z.-L. Zhang and S. Bhattacharyya, "Reducing Unwanted Traffic in a Backbone Network," Sprint ATL Research Report RR05-ATL-040400, April 2005.]]

Google Scholar

[6]

{6} Y. Rekhter, B. Moskowitz, D. Karrenberg, G. J. de Groot, E. Lear, "RFC1918: Address Allocation for Private Internets," February 1996.]]

Crossref

Google Scholar

[7]

{7} University of Oregon, "Routeviews archive project," http://archive.routeviews.org/.]]

Google Scholar

[8]

{8} S. Staniford, J. Hoagland, and J. McAlerney, "Practical automated detection of stealthy portscans," Journal of Computer Security, vol. 10, pp. 105-136, 2002.]]

Crossref

Google Scholar

[9]

{9} "SNORT," http://www.snort.org/.]]

Google Scholar

[10]

{10} V. Paxson, "Bro: A System for Detecting Network Intruders in Real-Time," Computer Networks, Dec 1999.]]

Crossref

Google Scholar

[11]

{11} J. Jung and V. Paxson and A. Berger and H. Balakrishna, "Fast portscan detection using sequential hypothesis testing," in Proc. of IEEE Symposium on Security and Privacy, 2004.]]

Google Scholar

Cited By

View all

Bartos KRehak M(2012)Towards efficient flow sampling technique for anomaly detectionProceedings of the 4th international conference on Traffic Monitoring and Analysis10.1007/978-3-642-28534-9_11(93-106)Online publication date: 12-Mar-2012
https://dl.acm.org/doi/10.1007/978-3-642-28534-9_11
Lahiri BAkrotirianakis IMoerchen F(2011)Finding critical thresholds for defining burstsProceedings of the 13th international conference on Data warehousing and knowledge discovery10.5555/2033616.2033664(484-495)Online publication date: 29-Aug-2011
https://dl.acm.org/doi/10.5555/2033616.2033664
Xu KWang FBhattacharyya SZhang Z(2010)Real-time behaviour profiling for network monitoringInternational Journal of Internet Protocol Technology10.1504/IJIPT.2010.0326165:1/2(65-80)Online publication date: 1-Apr-2010
https://dl.acm.org/doi/10.1504/IJIPT.2010.032616
Show More Cited By

Index Terms

Reducing unwanted traffic in a backbone network

Recommendations

Traffic measurement and analysis in an ATM-based internet backbone

This paper reports our measurements and analysis of traffic characteristics in an Internet backbone ATM network. In order to utilize network resource efficiently while satisfying the quality of service requirement, it is important to understand the ...
Designing a predictable backbone network using valiant load-balancing
Detecting traffic differentiation in backbone ISPs with NetPolice
IMC '09: Proceedings of the 9th ACM SIGCOMM conference on Internet measurement

Traffic differentiations are known to be found at the edge of the Internet in broadband ISPs and wireless carriers [13, 2]. The ability to detect traffic differentiations is essential for customers to develop effective strategies for improving their ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

SRUTI'05: Proceedings of the Steps to Reducing Unwanted Traffic on the Internet on Steps to Reducing Unwanted Traffic on the Internet Workshop

July 2005

89 pages

Publisher

USENIX Association

United States

Publication History

Published: 07 July 2005

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

18
Total Citations
View Citations
8
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 01 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Bartos KRehak M(2012)Towards efficient flow sampling technique for anomaly detectionProceedings of the 4th international conference on Traffic Monitoring and Analysis10.1007/978-3-642-28534-9_11(93-106)Online publication date: 12-Mar-2012
https://dl.acm.org/doi/10.1007/978-3-642-28534-9_11
Lahiri BAkrotirianakis IMoerchen F(2011)Finding critical thresholds for defining burstsProceedings of the 13th international conference on Data warehousing and knowledge discovery10.5555/2033616.2033664(484-495)Online publication date: 29-Aug-2011
https://dl.acm.org/doi/10.5555/2033616.2033664
Xu KWang FBhattacharyya SZhang Z(2010)Real-time behaviour profiling for network monitoringInternational Journal of Internet Protocol Technology10.1504/IJIPT.2010.0326165:1/2(65-80)Online publication date: 1-Apr-2010
https://dl.acm.org/doi/10.1504/IJIPT.2010.032616
Zhang QWang JLi XKorakis TPau GWakikawa R(2010)Evaluation of bulk traffic mitigation practices in campus networkProceedings of the 6th Asian Internet Engineering Conference10.1145/1930286.1930288(9-15)Online publication date: 15-Nov-2010
https://dl.acm.org/doi/10.1145/1930286.1930288
Kurian JSarac K(2010)A survey on the design, applications, and enhancements of application-layer overlay networksACM Computing Surveys10.1145/1824795.182480043:1(1-34)Online publication date: 3-Dec-2010
https://dl.acm.org/doi/10.1145/1824795.1824800
Mahmood AHu JTari ZLeckie C(2010)Critical infrastructure protectionJournal of Network and Computer Applications10.1016/j.jnca.2010.01.00333:4(491-502)Online publication date: 1-Jul-2010
https://dl.acm.org/doi/10.1016/j.jnca.2010.01.003
Rehak MStaab EPechoucek MStiborek JGrill MBartos KSierra CCastelfranchi CDecker KSichman J(2009)Dynamic information source selection for intrusion detection systemsProceedings of The 8th International Conference on Autonomous Agents and Multiagent Systems - Volume 210.5555/1558109.1558153(1009-1016)Online publication date: 10-May-2009
https://dl.acm.org/doi/10.5555/1558109.1558153
Rehak MPechoucek MGrill MBartos KKrmicek VCeleda P(2009)Collaborative approach to network behaviour analysis based on hardware-accelerated FlowMon probesInternational Journal of Electronic Security and Digital Forensics10.1504/IJESDF.2009.0238742:1(35-48)Online publication date: 1-Mar-2009
https://dl.acm.org/doi/10.1504/IJESDF.2009.023874
Zhang HZhu XGuo WSohn SUm KKo FKwack KLee JKou GNakamura KFong AMa PChen LHwang SCho KKawata S(2009)TCP portscan detection based on single packet flows and entropyProceedings of the 2nd International Conference on Interaction Sciences: Information Technology, Culture and Human10.1145/1655925.1656116(1056-1060)Online publication date: 24-Nov-2009
https://dl.acm.org/doi/10.1145/1655925.1656116
Sadok DSouto EFeitosa EKelner JWestberg L(2009)RIP - A robust IP access architectureComputers and Security10.1016/j.cose.2009.02.00228:6(359-380)Online publication date: 1-Sep-2009
https://dl.acm.org/doi/10.1016/j.cose.2009.02.002
Show More Cited By

Abstract

References

Cited By

Index Terms

Recommendations

Traffic measurement and analysis in an ATM-based internet backbone

Designing a predictable backbone network using valiant load-balancing

Detecting traffic differentiation in backbone ISPs with NetPolice

Comments

Information

Published In

Publisher

Publication History

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations