Title :
Secure Split Assignment Trajectory Sampling: A Malicious Router Detection System
Author :
Lee, Sihyung ; Wong, Tina ; Kim, Hyong S.
Author_Institution :
Dept. of Electr. & Comput. Eng., Carnegie Mellon Univ., Pittsburgh, PA
Abstract :
Routing infrastructure plays a vital role in the Internet, and attacks on routers can be damaging. Compromised routers can drop, modify, mis-forward or reorder valid packets. Existing proposals for secure forwarding require substantial computational overhead and additional capabilities at routers. We propose secure split assignment trajectory sampling (SATS), a system that detects malicious routers on the data plane. SATS locates a set of suspicious routers when packets do not follow their predicted paths. It works with a traffic measurement platform using packet sampling, has low overhead on routers and is applicable to high-speed networks. Different subsets of packets are sampled over different groups of routers to ensure that an attacker cannot completely evade detection. Our evaluation shows that SATS can significantly limit a malicious router's harm to a small portion of traffic in a network.
Keywords :
Internet; packet switching; telecommunication network routing; telecommunication security; telecommunication traffic; Internet; high-speed network; malicious router detection system; packet sampling; secure split assignment trajectory sampling; traffic measurement platform; Communication system traffic control; Computer crime; Computer hacking; High-speed networks; Internet; Microwave integrated circuits; Proposals; Routing protocols; Sampling methods; Telecommunication traffic;
Conference_Title :
Dependable Systems and Networks, 2006. DSN 2006. International Conference on
Conference_Location :
Philadelphia, PA
Print_ISBN :
0-7695-2607-1
DOI :
10.1109/DSN.2006.64