Article

Sensor-based intrusion detection for intra-domain distance-vector routing

Authors:
Vishal Mittal

University of California Santa Barbara

University of California Santa Barbara
View Profile

,
Giovanni Vigna

University of California Santa Barbara

University of California Santa Barbara
View Profile

CCS '02: Proceedings of the 9th ACM conference on Computer and communications securityNovember 2002Pages 127–137https://doi.org/10.1145/586110.586129

Published:18 November 2002Publication History

CCS '02: Proceedings of the 9th ACM conference on Computer and communications security

Pages 127–137

ABSTRACT

Detection of routing-based attacks is difficult because malicious routing behavior can be identified only in specific network locations. In addition, the configuration of the signatures used by intrusion detection sensors is a time-consuming and error-prone task because it has to take into account both the network topology and the characteristics of the particular routing protocol in use. We describe an intrusion detection technique that uses information about both the network topology and the positioning of sensors to determine what can be considered malicious in a particular place of the network. The technique relies on an algorithm that automatically generates the appropriate sensor signatures. This paper presents a description of the approach, applies it to an intra-domain distance-vector protocol and reports the results of its evaluation.

References

S. Axelsson. Intrusion Detection Systems: A Taxomomy and Survey. Technical Report 99-15, Dept. of Computer Engineering, Chalmers University of Technology, Sweden, March 2000.Google Scholar
K.A. Bradley, S. Cheung, N. Puketza, B. Mukherjee, and R.A. Olsson. Detecting Disruptive Routers: A Distributed Network Monitoring Approach. In Proceedings of the IEEE Symposium on Security and Privacy, May 1998.Google ScholarCross Ref
S. Cheung. An Efficient Message Authentication Scheme for Link State Routing. In 13th Annual Computer Security Applications Conference, December 1997. Google ScholarDigital Library
S. Cheung and K. Levitt. Protecting Routing Infrastructures from Denial of Service Using Cooperative Intrusion Detection. In Proceedings of the New Security Paradigms Workshop, September 1997. Google ScholarDigital Library
S. Cheung, K.N. Levitt, and C. Ko. Intrusion Detection for Network Infrastructures. In Proceedings of the 1995 IEEE Symposium on Security and Privacy, Oakland, CA, May 1995.Google Scholar
M.T. Goodrich. Efficient and Secure Network Routing Algorithms. Provisional patent filing, January 2001.Google Scholar
R. Hauser, A. Przygienda, and G. Tsudik. Reducing the Cost of Security in Link-State Routing. In Proceedings of the Symposium on Network and Distributed System Security, February 1997. Google ScholarDigital Library
L.T. Heberlein, K. Levitt, and B. Mukherjee. An intrusion-detection system for large-scale networks. In Proceedings of the 15th National Computer Security Conference, Baltimore, MD, October 1992.Google Scholar
Christian Huitema. Routing in the Internet. Prentice Hall PTR, 1995. Google ScholarDigital Library
Y.F. Jou, F. Gong, C. Sargor, X. Wu, F. Wu, H.C. Chang, and F. Wang. Design and Implementation of a Scalable Intrusion Detection System for the Protection of Network Infrastructure. In DARPA Information Survivability Conference and Exposition, January 2000.Google Scholar
S. Kent, C. Lynn, J. Mikkelson, and K. Seo. Secure Border Gateway Protocol (Secure-BGP) - Real World Performance and Deployment Issues. In Proceedings of the Symposium on Network and Distributed System Security, February 2000.Google Scholar
S. Kent, C. Lynn, and K. Seo. Secure Border Gateway Protocol (Secure-BGP). IEEE Journal on Selected Areas in Communications, 18(4):582--592, April 2000. Google ScholarDigital Library
G. Malkin. Rip version 2. IETF RFC 2453, Nov 1998.Google Scholar
S.L. Murphy. Presentation on Security Architecture of the Internet Infrastructure. In Proceedings of the Symposium on Network and Distributed System Security, April 1995. Google ScholarDigital Library
S.L. Murphy and M.R. Badger. Digital Signature Protection of the OSPF Routing Protocol. In Proceedings of the Symposium on Network and Distributed System Security, February 1996. Google ScholarDigital Library
R. Perlman. Network Layer Protocols with Byzantine Robustness. PhD thesis, Department of EECS, MIT, August 1988.Google Scholar
D. Qu, B.M. Vetter, F. Wang, R. Narayan, F. Wu, F. Jou, F. Gong, and C. Sargor. Statistical Anomaly Detection for Link-State Routing Protocols. In In Proceedings of the 1998 International Conference on Network Protocols, October 1998. Google ScholarDigital Library
Y. Rekhter and T. Li. A border gateway protocol 4 (bgp-4). IETF RFC 1654, Mar 1995. Google ScholarDigital Library
B.R. Smith and J.J. Garcia-Luna-Aceves. Securing the Border Gateway Routing Protocol. In Proceedings of Global Internet '96, London, UK, November 1996.Google ScholarCross Ref
B.R. Smith, S. Murthy, and J.J. Garcia-Luna-Aceves. Securing Distance-Vector Routing Protocols. In Proceedings of the Symposium on Network and Distributed System Security, February 1997. Google ScholarDigital Library
F. Wang and F. Wu. On the Vulnerablity and Protection of OSPF Routing Protocol. In IEEE Seventh International Conference on Computer Communications and Networks, October 1998. Google ScholarDigital Library
F. Wu, H.C. Chang, F. Jou, F. Wang, F. Gong, C. Sargor, D. Qu, and R. Cleaveland. Jinao: Design and implementation of a scalable intrusion detection system for the ospf routing protocol, February 1999.Google Scholar
F. Wu, F. Wang, B.M. Vetter, W.R. Cleaveland, F. Jou, F. Gong, and C. Sargor. Intrusion Detection for Link-State Routing Protocols, December 1996.Google Scholar
K. Zhang. Efficient Protocols for Signing Routing Messages. In Proceedings of the Symposium on Network and Distributed System Security, February 1998.Google Scholar

Sensor-based intrusion detection for intra-domain distance-vector routing
1. Networks
  1. Network protocols
    1. Network layer protocols

Recommendations

Network Intrusion Detection: Automated and Manual Methods Prone to Attack and Evasion

In this article, the authors describe common intrusion detection techniques, NIDS evasion methods, and how NIDSs detect intrusions. Additionally, we introduce new evasion methods, present test results for confirming attack outcomes based on server ...
Read More
Rule generalisation in intrusion detection systems using SNORT

Intrusion Detection Systems (IDSs) provide an important layer of security for computer systems and networks. An IDS's responsibility is to detect suspicious or unacceptable system and network activity and to alert a systems administrator to this ...
Read More
A Secure Routing Protocol with Intrusion Detection for Clustering Wireless Sensor Networks
IFITA '10: Proceedings of the 2010 International Forum on Information Technology and Applications - Volume 01

The exactness of sensed data transmission is essential for wireless sensor networks(WSN) applications. Based on clustering WSN architecture, a secure routing protocol with intrusion detection is hereby proposed, wherein an energy prediction model for ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
CCS '02: Proceedings of the 9th ACM conference on Computer and communications security
November 2002
284 pages
ISBN:1581136129
DOI:10.1145/586110
Editor:
Vijay Atluri
Rutgers University
,
General Chair:
Sushil Jajodia
George Mason University
,
Program Chair:
Ravi Sandhu
SingleSignOn.Net and George Mason University
Copyright © 2002 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 18 November 2002
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
intrusion detection
network topology
routing security
Qualifiers
- Article
Conference

Acceptance Rates
Overall Acceptance Rate1,261of6,999submissions,18%
Upcoming Conference
CCS '24

Sponsor:

sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 15
  Total Citations
  View Citations
- 1,619
  Total Downloads
- Downloads (Last 12 months)5
- Downloads (Last 6 weeks)0
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Sensor-based intrusion detection for intra-domain distance-vector routing

CCS '02: Proceedings of the 9th ACM conference on Computer and communications security

ABSTRACT

References

Cited By

Recommendations

Network Intrusion Detection: Automated and Manual Methods Prone to Attack and Evasion

Rule generalisation in intrusion detection systems using SNORT

A Secure Routing Protocol with Intrusion Detection for Clustering Wireless Sensor Networks