ABSTRACT
Detection of routing-based attacks is difficult because malicious routing behavior can be identified only in specific network locations. In addition, the configuration of the signatures used by intrusion detection sensors is a time-consuming and error-prone task because it has to take into account both the network topology and the characteristics of the particular routing protocol in use. We describe an intrusion detection technique that uses information about both the network topology and the positioning of sensors to determine what can be considered malicious in a particular place of the network. The technique relies on an algorithm that automatically generates the appropriate sensor signatures. This paper presents a description of the approach, applies it to an intra-domain distance-vector protocol and reports the results of its evaluation.
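An added illustration of the idea in the abstract, not the paper's algorithm or code: signatures are derived per sensor from the topology and the link the sensor watches, so the same advertisement is acceptable on one link and flagged on another. Assumptions made here: the constructed five-router topology, unit-cost links, destinations modelled as routers, the function names, and the rule that a metric below the topological shortest distance is never legitimate.

```python
from collections import deque

# Constructed topology: routers as nodes, unit-cost links (hop-count metric).
TOPOLOGY = {
    "R1": {"R2", "R3"},
    "R2": {"R1", "R4"},
    "R3": {"R1", "R4"},
    "R4": {"R2", "R3", "R5"},
    "R5": {"R4"},
}
INFINITY = 16  # RIP "unreachable" metric


def hop_distances(topology, source):
    """Breadth-first search: fewest hops from source to every router."""
    dist = {source: 0}
    queue = deque([source])
    while queue:
        node = queue.popleft()
        for neighbor in topology[node]:
            if neighbor not in dist:
                dist[neighbor] = dist[node] + 1
                queue.append(neighbor)
    return dist


def generate_signature(topology, sensor_link):
    """Build the signature for a sensor watching one link (a pair of routers).

    Maps each router that may legitimately speak on the link to the lowest
    metric it can advertise per destination. Link failures only lengthen
    paths, so anything below this bound cannot be legitimate.
    """
    return {router: hop_distances(topology, router) for router in sensor_link}


def check_advertisement(signature, src, dest, metric):
    """Return a list of alerts for one observed advertisement (empty if none)."""
    if src not in signature:
        return [f"{src} is not attached to this link"]
    floor = signature[src].get(dest, INFINITY)
    if metric < floor:
        return [f"{src} advertises {dest} at {metric}, topology minimum is {floor}"]
    return []
```

An advertisement from R4 for R5 at metric 1 passes on the R4-R5 link but is flagged by the sensor on the R1-R2 link, where R4 cannot be a sender.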
- Sensor-based intrusion detection for intra-domain distance-vector routing