Detecting packet modification attack by misbehaving router

The next generation Internet supports dynamic deployment of different protocols and heterogeneous applications. To support this, routers in next generation computer networks use general purpose programmable packet processors. The customization of routers introduces increased vulnerabilities and attacks that allow potential attackers to compromise the router. Since network routers play a key role in todays network data transport, they became an interesting targets for attackers. An attacker can mount different attacks like denial-of-service or man-in-the-middle by intelligently dropping, modifying or diverting packets arriving at a compromised router. In this paper, we considered the problem of detecting packet modification attack which is performed by an attacker through misbehaving router. Since it is necessary to differentiate malicious packet modification from regular packet modification, detecting such an attack is challenging task. We proposed a controller-based packet modification misbehavior detection technique that excellently detects malicious packet modification by using a hash-based comparison of incoming and outgoing packets of the router. Experiments were carried out using Mininet Simulator and based on the results obtained, we observe that our proposed technique unambiguously detects the malicious packet modification.