Date Added: Aug 2011
The standard paradigm when securing networks is to filter ingress traffic to the domain to be protected. Even though many tools and techniques have been developed and employed over the recent years for this purpose, the authors are still far from having secure networks. In this paper, they propose a paradigm shift on the way they secure networks, by investigating whether it would not be efficient to filter egress traffic as well. The main benefit of this approach is the possibility to mitigate malicious activities before they reach the Internet. To evaluate their proposal, they have developed a prototype and conducted experiments using NetFlow data from the University of Twente.