Network gateway spoofing detection and mitigation

What is claimed is: 1. An endpoint security system implemented in a network gateway system, comprising: a hardware processor; and a memory, configured to store computer program code that, when executed by the hardware processor, performs a security action, the computer program code including: distance estimation code that calculates a travel distance between a source Internet Protocol (IP) address and an IP address for a target network endpoint system from a received packet received by the network gateway system based on time-to-live (TTL) information from the received packet; spoof detection code that determines structural correspondences between the source IP address and one or more known source IP addresses, that splits the source IP address into at least a beginning portion and an end portion, that pads the beginning portion and the end portion to form a normalized source IP address, that estimates an expected travel distance between the source IP address and the target network endpoint system IP address based on a sparse set of known source/target distances, using a machine learning model, and that determines that the received packet has a spoofed source IP address based on a comparison between the calculated travel distance and the expected travel distance; and security code that performs a security action at the network gateway system responsive to the determination that the received packet has a spoofed source IP address. 2. The system of claim 1 , wherein the spoof detection code further provides the source IP address and the target network endpoint system IP address to a neural network, where an activation function for neurons in the neural network is determined as: f i = { i = 1 softsign ⁡ ( w d × 256 i = 0 × B 256 × 1 i = 0 + b d × 1 i = 0 ) i ∈ { 1 , … ⁢ , n } softsign ⁡ ( w d × ( 256 + d ) i ∈ { 1 , … ⁢ , ⁢ n } × concat ⁡ ( B 256 × 1 i ∈ { 1 , … ⁢