The current Internet makes forwarding decisions based on only destination addresses, leading to a prevalence of IP source address spoofing. To mitigate the risks posed by IP spoofing, Source Address Validation in Intr...
详细信息
The rapid growth of the Industrial Internet of Things (IIoT) requires a secure meta-computing environment to support applications like industrial monitoring and remote control. However, this environment faces major se...
详细信息
The rapid growth of the Industrial Internet of Things (IIoT) requires a secure meta-computing environment to support applications like industrial monitoring and remote control. However, this environment faces major security challenges, especially the risk of source address forgery, which can enable DDoS and botnet attacks, disrupting operations and compromising equipment. Current Internet infrastructure forwards packets based only on destination addresses, lacking the capability for source address verification. Although edge-based solutions like firewalls and systems, such as source address validation architecture (SAVA) and source address validation improvement (SAVI), are deployed, they fall short of comprehensive source address validation (SAV), allowing malicious traffic to propagate through core networks. To enhance security, a collaborative approach based on meta-computing principles is needed, allowing routers to verify source addresses cooperatively. Given the impracticality of fully upgrading routers, incrementaldeployment is essential. We show that optimizing incremental SAV deployment is NP-hard. To address this, we propose collaborative optimized source address filtering (COSAF), a heuristic algorithm that uses a sink-tree structure to effectively filter attack flows and optimize resource allocation. COSAF also takes SAV table capacity into account to improve resource utilization. Extensive simulations demonstrate that COSAF outperforms traditional methods.
暂无评论