Filtering of Unwanted Traffic


People:


Funding:

Student research at UCI is partially supported by a VURI gift from AT&T Research for the academic year 07-08.

Problem Statement:

There is a large, and increasing, amount of unwanted traffic on the Internet today, including distributed denial-of-service (DDoS) attacks, spam, scanning, etc. One way to deal with this problem is to filter unwanted traffic at the routers based on source IP addresses. Because of the limited number of available filters in the routers today, aggregation is used: a single filter blocks an entire prefix/range of IP addresses. This results in blocking all (unwanted and wanted) traffic generated from hosts with IP addresses in that range. In our work so far, we have developed a family of algorithms that construct a compact set of filtering rules, taking into account various objectives (amount of unwanted traffic blocked, collateral damage on legitimate traffic, policy) and constraints (number of available filters, victim's access bandwidth).
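The trade-off between the filter budget and collateral damage can be seen in a small added example (not the project's own algorithms or code): a dynamic program over the binary prefix tree that blocks every blacklisted source with at most a given number of prefix filters while blocking as few known legitimate sources as possible. The function name `select_filters`, the choice of this one objective, and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from functools import lru_cache

INF = float("inf")

def select_filters(bad, good, max_filters):
    """Block every address in `bad` with at most `max_filters` source-prefix
    filters, minimising how many `good` addresses are blocked as well.
    Returns (collateral_damage, [prefix, ...])."""
    bad = tuple(int(ipaddress.IPv4Address(a)) for a in bad)
    good = tuple(int(ipaddress.IPv4Address(a)) for a in good)

    def count(addrs, base, length):
        return sum(base <= a < base + (1 << (32 - length)) for a in addrs)

    @lru_cache(maxsize=None)
    def best(base, length, f):
        if count(bad, base, length) == 0:
            return 0, ()                      # nothing to block in this subtree
        if f == 0:
            return INF, ()                    # unwanted sources left, no filter left
        # Option 1: spend one filter on the whole prefix.
        res = (count(good, base, length), ((base, length),))
        if length < 32:
            # Option 2: split the budget between the two half-prefixes.
            half = 1 << (31 - length)
            for f1 in range(f + 1):
                lc, lp = best(base, length + 1, f1)
                rc, rp = best(base + half, length + 1, f - f1)
                cand = (lc + rc, lp + rp)
                # Prefer less damage, then fewer filters, then longer prefixes.
                if (cand[0], len(cand[1])) <= (res[0], len(res[1])):
                    res = cand
        return res

    damage, prefixes = best(0, 0, max_filters)
    return damage, [str(ipaddress.IPv4Network(p)) for p in prefixes]

# Constructed sample data (RFC 5737 documentation ranges).
BAD = ["192.0.2.4", "192.0.2.5", "192.0.2.6", "192.0.2.7",
       "192.0.2.130", "198.51.100.9"]
GOOD = ["192.0.2.20", "192.0.2.200", "198.51.100.10"]

if __name__ == "__main__":
    for k in (1, 2, 3):
        print(k, select_filters(BAD, GOOD, k))
```

With the sample data, each filter removed from the budget forces a coarser prefix and more legitimate sources are blocked along with the unwanted ones.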

In parallel, we are studying the characteristics of several publicly available blacklists in order to develop a reputation system that can be used to identify the sources of unwanted traffic. The output of such a system should be the input to the filtering algorithms, which can then block the unwanted traffic. More generally, we are interested in filtering-based defense systems against unwanted traffic. We view the filtering mechanisms as one of the building blocks in that bigger effort.


Publications:


Last updated: Dec. 07