Patent · US Active

Network endpoint spoofing detection and mitigation

US10887344B2 · kind B2 · utility

Cited by: 0
References: 6
Claims: 15
Family size: 0

Assignee

Inventors

Key dates

Filing date: Aug 13, 2018
Grant date: Jan 5, 2021
Priority date
Expiry date: Apr 25, 2039

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L2463/141
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Endpoint security systems and methods include a distance estimation module configured to calculate a travel distance between a source Internet Protocol (IP) address and an IP address for a target network endpoint system from a received packet received by the target network endpoint system based on time-to-live (TTL) information from the received packet. A machine learning model is configured to estimate an expected travel distance between the source IP address and the target network endpoint system IP address based on a sparse set of known source/target distances. A spoof detection module is configured to determine that the received packet has a spoofed source IP address based on a comparison between the calculated travel distance and the expected travel distance. A security module is configured to perform a security action at the target network endpoint system responsive to the determination that the received packet has a spoofed source IP address.
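
An added example (not taken from the patent or its assignee) of the comparison the abstract describes: the hop count is inferred from the received TTL and checked against an expected distance for the source address. The initial-TTL set, the tolerance, the same-/24 median used here in place of the machine learning model, and all addresses and hop counts are assumptions constructed for illustration.

```python
import ipaddress
from statistics import median

# Common initial TTL values set by sending hosts (assumption of this example).
INITIAL_TTLS = (32, 64, 128, 255)

def hops_from_ttl(observed_ttl):
    """Heuristic hop count: smallest common initial TTL >= observed, minus observed."""
    if not 1 <= observed_ttl <= 255:
        raise ValueError("TTL out of range")
    initial = next(t for t in INITIAL_TTLS if t >= observed_ttl)
    return initial - observed_ttl

def expected_hops(src, known, prefix_len=24):
    """Stand-in for the learned estimator: exact match from the sparse set,
    else the median over known sources in the same prefix, else None."""
    if src in known:
        return known[src]
    net = ipaddress.ip_network(f"{src}/{prefix_len}", strict=False)
    near = [h for ip, h in known.items() if ipaddress.ip_address(ip) in net]
    return median(near) if near else None

def classify(src, observed_ttl, known, tolerance=2):
    """Return 'spoofed', 'ok' or 'unknown' for one received packet."""
    expected = expected_hops(src, known)
    if expected is None:
        return "unknown"  # no basis for comparison; do not guess
    delta = abs(hops_from_ttl(observed_ttl) - expected)
    return "spoofed" if delta > tolerance else "ok"

# Constructed sparse set of known source -> hop distance (documentation ranges).
KNOWN = {"198.51.100.10": 12, "198.51.100.20": 13, "203.0.113.5": 7}
# Constructed received packets: (claimed source IP, TTL seen at the endpoint).
PACKETS = [
    ("198.51.100.10", 52),   # 64 - 52 = 12 hops, equals the known distance
    ("198.51.100.77", 115),  # 128 - 115 = 13 hops, prefix median is 12.5
    ("203.0.113.5", 241),    # 255 - 241 = 14 hops, known distance is 7
    ("192.0.2.1", 60),       # nothing known for this source or its prefix
]

def run():
    return [classify(src, ttl, KNOWN) for src, ttl in PACKETS]

if __name__ == "__main__":
    for (src, ttl), verdict in zip(PACKETS, run()):
        print(src, ttl, verdict)
```

The tolerance absorbs ordinary route changes; a sender that sets a non-default initial TTL defeats the inference step, so a mismatch is best treated as one signal feeding the security action rather than proof on its own.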

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.