Title :
Statistical approach for detecting malicious PCE activity in multi-domain networks
Author :
Gharbaoui, Molka ; Paolucci, Francesco ; Giorgetti, Alessio ; Martini, Barbara ; Castoldi, Piero
Author_Institution :
Scuola Superiore Sant'Anna, Pisa, Italy
Abstract :
Inter-domain traffic engineering solutions based on the Path Computation Element (PCE) architecture are exposed to information confidentiality issues between network carriers. Licit PCE Protocol (PCEP) request sequences may hide a malicious intention to discover critical intra-domain information through correlations among replies. This work presents an innovative anomaly-based statistical approach based on the Sequential Hypothesis Testing (SHT) aiming to detect malicious utilization of PCEP by peer clients. A novel combined multi-feature SHT formulation is presented in combination with different decision policies for definitely ascertaining whether the behavior of the Path Computation Client (PCC) is malicious or not. Simulation results show improved performance in terms of detection and false alarms probabilities while guaranteeing a trade-off between detection accuracy and delay.
Keywords :
computer network security; statistical analysis; PCE protocol; PCEP request sequences; anomaly-based statistical approach; information confidentiality issues; interdomain traffic engineering; malicious PCE activity; malicious utilization; multidomain networks; multifeature SHT formulation; network carriers; path computation client; path computation element architecture; peer clients; sequential hypothesis testing; Accuracy; Bandwidth; Computer architecture; Decision making; Feature extraction; Protocols; Testing;
Conference_Title :
High Performance Switching and Routing (HPSR), 2012 IEEE 13th International Conference on
Conference_Location :
Belgrade
Print_ISBN :
978-1-4577-0831-2
Electronic_ISBN :
Pending
DOI :
10.1109/HPSR.2012.6260845