ASAP: Anti-Spoofing Aphorism Using Path-analysis

The immense vulnerabilities within network protocols have led to prevalent spoofing attacks. Security measures such as cryptographic authentication, router level filtering, and other anti-spoofing methods are promising yet inadequate. In fact, research shows almost 50% of existing autonomous systems can be "hijacked" and used as spurious network nodes. Spoofing is falsified node identification of a trusted node and subsequent delivery of imposter data packets. Correctly identifying a packets’ travel path has been widely used to ascertain node positions and flag unexpected locations as spoofing agents. Challenges and inadequacies arise in analyzing the copious dynamic possible packet paths. We propose a practical anti-spoofing technique when routing is asymmetric or multi-path that contrast network connections from trusted nodes after considering all possible routing alternatives, compared to a network path under scrutiny. We subtly perform obscured intrusion detection through hopcounts clustering via IP header’s time-to-live field and special representative nearest captain nodes that differentiate features of valid paths. While many proposed anti-spoofing solutions only analyze static traffic to give ≈ 90% efficacy, we consider all alternatives that deviate from accurate features to achieve improved efficacy of 94.2%.