A Reproducibility Study of "IP Spoofing Detection in Inter-Domain Traffic"
This highlights reproducibility challenges in network security research, which is incremental as it critiques rather than advances the field.
The study attempted to reproduce a prior method for detecting IP spoofing in inter-domain traffic at IXPs, but failed to replicate the results using different data, revealing structural issues in the existing methodology.
IP spoofing enables reflection and amplification attacks, which cause major threats to the current Internet infrastructure. Detecting IP packets with incorrect source addresses would help to improve the situation. This is easy at the attacker's network, but very challenging at Internet eXchange Points (IXPs) or in transit networks. In this reproducibility study, we revisit the paper \textit{Detection, Classification, and Analysis of Inter-Domain Traffic with Spoofed Source IP Addresses} published at ACM IMC 2017. Using data from a different IXP and from a different time, we were not able to reproduce the results. Unfortunately, our further analysis reveals structural problems of the state of the art methodology, which are not easy to overcome.