IP Spoofing Detection Approach(ISDA) for network Intrusion detection system

A new approach for detecting spoofed IP level, called IP Spoofing Detection Approach (ISDA), is proposed. The purpose of this approach is maximally to keep effective parts and remove forged parts of Source IP addresses under flooding attacks and dynamically configure flow aggregation scheme for flow-based network Intrusion detection to build the most effective intrusion detection approach. Our work concentrates on developing an overall framework, which includes building flow aggregation schemes for Flow-based Network Intrusion Detection System (FNIDS), detecting IP address spoofing level and using Fuzzy logic method automatically to activate the most appropriate flow aggregation scheme. Finally, the performance of applying our proposed architecture against flooding DDOS attacks is evaluated by using DARPA 98 data. Results show the significant improvement for FNIDS after applying the IP address spoofing detection algorithms.