SYSTEM AND METHOD FOR CREATING BGP ROUTE-BASED NETWORK TRAFFIC PROFILES TO DETECT SPOOFED TRAFFIC

• Main Authors: GHOSH, ABHRAJIT, SAWAYA, YUKIKO, VAIDYANATHAN, RAVICHANDER, YAMADA, AKIRA, KUBOTA, AYUMU
• Format: Patent
• Language: English; French; German
• Published: 30.03.2016
• Subjects: ELECTRIC COMMUNICATION TECHNIQUE; ELECTRICITY; TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION

An inventive system and method for creating source profiles to detect spoofed traffic comprises obtaining a routing path for data to traverse nodes using traffic profiles, each routing path comprising at least a target AS, initializing one or more AS sets with last hop ASes, enhancing the AS sets by connecting the AS sets to routers, for each enhanced AS set, filtering observed traffic flows, and using the filtered flows to associate enhanced AS sets with network monitoring points to create the source profiles. In one aspect, filtering flows comprise TCP session filtering and/or destination bogon filtering. In one aspect, the routers are border gateway protocol routers. In one aspect, the last hop ASes are one hop away from the target AS.