Deployment of Source Address Validation by Network Operators: A Randomized Control Trial

Q.B. Lone, Alisa Frik, Matthew Luckie, MacIej Korczyński, M.J.G. van Eeten, C. Hernandez Ganan

Research output: Chapter in Book/Conference proceedings/Edited volumeConference contributionScientificpeer-review

4 Citations (Scopus)
28 Downloads (Pure)


IP spoofing, sending IP packets with a false source IP address, continues to be a primary attack vector for large-scale Denial of Service attacks. To combat spoofing, various interventions have been tried to increase the adoption of source address validation (SAV) among network operators. How can SAV deployment be increased? In this work, we conduct the first randomized control trial to measure the effectiveness of various notification mechanisms on SAV deployment. We include new treatments using nudges and channels, previously untested in notification experiments. Our design reveals a painful reality that contrasts with earlier observational studies: none of the notification treatments significantly improved SAV deployment compared to the control group. We explore the reasons for these findings and report on a survey among operators to identify ways forward. A portion of the operators indicate that they do plan to deploy SAV and ask for better notification mechanisms, training, and support materials for SAV implementation.
Original languageEnglish
Title of host publicationProceedings - 43rd IEEE Symposium on Security and Privacy, SP 2022
Number of pages18
ISBN (Electronic)9781665413169
Publication statusPublished - 2022
Event43rd EEE Symposium on Security and Privacy (SP) - San Francisco, United States
Duration: 22 May 202226 May 2022
Conference number: 43


Conference43rd EEE Symposium on Security and Privacy (SP)
Country/TerritoryUnited States
CitySan Francisco
Internet address

Bibliographical note

Green Open Access added to TU Delft Institutional Repository 'You share, we take care!' - Taverne project
Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.


Dive into the research topics of 'Deployment of Source Address Validation by Network Operators: A Randomized Control Trial'. Together they form a unique fingerprint.

Cite this