Title :
Statistical anomaly detection for link-state routing protocols
Author :
Qu, Diheng ; Vetter, Brian M. ; Wang, Feiyi ; Narayan, Ravindra ; Wu, S. Felix ; Hou, Y.F. ; Gong, Fengmin ; Sargor, Chandru
Author_Institution :
Dept. of Comput. Sci., North Carolina State Univ., Raleigh, NC, USA
Abstract :
The JiNao project at MCNC/NCSU focuses on detecting intrusions, especially insider attacks, against the OSPF (open shortest path first) routing protocol. This paper presents the implementation and experiments of JiNao's statistical intrusion detection module. Our implementation is based upon the algorithm developed in SRI's NIDES (next-generation intrusion detection expert system) project. Some modifications and improvements to NIDES/STAT are made for a more effective implementation in our environment. Also, three OSPF insider attacks (e.g., maxseq, maxage, and seq++ attacks) have been developed for evaluating the efficacy of detecting capability. The experiments were conducted on two different network routing testbeds. The results indicate that the proposed statistical mechanism is very effective in detecting these routing protocol attacks.
Keywords :
Internet; statistical analysis; telecommunication network routing; transport protocols; JiNao project; MCNC/NCSU; OSPF routing protocol; insider attacks; intrusions; link-state routing protocols; maxage attack; maxseq attack; network routing testbeds; open shortest path first routing protocol; seq++ attack; statistical anomaly detection; statistical intrusion detection module; statistical mechanism; Computer science; Electrical capacitance tomography; Heart; IP networks; Intrusion detection; Iron; Laboratories; Routing protocols; Statistics; Testing;
Conference_Title :
Network Protocols, 1998. Proceedings. Sixth International Conference on
Conference_Location :
Austin, TX
Print_ISBN :
0-8186-8988-9
DOI :
10.1109/ICNP.1998.723726