Detecting and Isolating Malicious Packet Losses

K. Balasubramanian, R. Anandraj

Abstract


Consider the problem of detecting whether a compromised router is maliciously manipulating its stream of packets. This work is concerned with a simple yet effective attack in which a router selectively drops packets destined for some victim. Modern networks routinely drop packets when the load temporarily exceeds their buffering capacities. Previous detection protocols have tried to address this problem with a user-defined threshold: too many dropped packets imply malicious intent. This heuristic is fundamentally unsound; setting this threshold is, at best, an art and will certainly create unnecessary false positives or mask highly focused attacks. They have designed, developed, and implemented a compromised router detection protocol that dynamically infers, based on measured traffic rates and buffer sizes, the number of congestive packet losses that will occur. Once the ambiguity from congestion is removed, subsequent packet losses can be attributed to malicious actions.
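The contrast the abstract draws, as an added example (not code from the paper or its authors): a deterministic drop-tail queue replay separates losses explained by a full buffer from losses that happened while the buffer had room, and is compared with the static loss-rate threshold. The queue model, function names, link rate, buffer size, addresses and both traces are constructed assumptions.

```python
# Added illustration: deterministic drop-tail replay vs. a static loss threshold.
# Queue model, names and trace values are assumptions, not the paper's protocol.

def classify_losses(arrivals, forwarded_ids, link_rate_bps, buffer_bytes):
    """Replay arrivals through a simulated drop-tail output queue.

    arrivals: list of (time_s, pkt_id, size_bytes, dst), sorted by time.
    Returns (congestive_ids, suspicious_ids) for packets missing from output.
    """
    occupancy = 0.0                       # bytes held in the simulated buffer
    last_t = arrivals[0][0] if arrivals else 0.0
    congestive, suspicious = [], []
    for t, pkt_id, size, _dst in arrivals:
        # Drain what the link transmitted since the previous arrival.
        occupancy = max(0.0, occupancy - (t - last_t) * link_rate_bps / 8)
        last_t = t
        if pkt_id in forwarded_ids:
            occupancy += size             # packet was queued and later sent
        elif occupancy + size > buffer_bytes:
            congestive.append(pkt_id)     # buffer was full: loss is explained
        else:
            suspicious.append(pkt_id)     # room in the buffer, yet it vanished
    return congestive, suspicious


def threshold_alarm(arrivals, forwarded_ids, max_loss_fraction):
    """The static heuristic the abstract criticises: alarm on loss rate alone."""
    lost = sum(1 for a in arrivals if a[1] not in forwarded_ids)
    return lost / len(arrivals) > max_loss_fraction


LINK_BPS, BUF = 8_000_000, 3000           # constructed: 1 MB/s link, 3 KB buffer

# Constructed trace 1: honest router, a 10-packet burst overflows the buffer.
burst = [(0.0, i, 1000, "192.0.2.9") for i in range(10)]
burst_fwd = {0, 1, 2}

# Constructed trace 2: idle link, the router silently drops one victim packet.
calm = [(i * 0.01, i, 1000, "192.0.2.9" if i == 7 else "192.0.2.5")
        for i in range(20)]
calm_fwd = set(range(20)) - {7}

if __name__ == "__main__":
    for name, trace, fwd in (("burst", burst, burst_fwd), ("calm", calm, calm_fwd)):
        print(name, classify_losses(trace, fwd, LINK_BPS, BUF),
              "threshold alarm:", threshold_alarm(trace, fwd, 0.10))
```

With a 10% threshold, the benign burst raises an alarm and the single targeted drop does not, while the replay attributes all seven burst losses to congestion and flags only packet 7.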

Keywords


Internet Dependability, Intrusion Detection And Tolerance, Distributed Systems, Reliable Networks, Malicious Routers.


Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.