Presentation is loading. Please wait.

Presentation is loading. Please wait.

Detecting Malicious Routers Alper T. Mızrak, Keith Marzullo, Stefan Savage University of California, San Diego.

Published bySandra Gamble Modified over 10 years ago

Similar presentations

Presentation on theme: "Detecting Malicious Routers Alper T. Mızrak, Keith Marzullo, Stefan Savage University of California, San Diego."— Presentation transcript:

1 Detecting Malicious Routers Alper T. Mızrak, Keith Marzullo, Stefan Savage University of California, San Diego

2 Alper T. Mızrak; University of California, San Diego2 Introduction Modern packet switched data networks. Data forwarded hop-by-hop from router to router towards destination. Routers can be compromised, To attack on the data plane: E.g. alter, misroute, drop, reorder, delay or fabricate data packets.

3 Alper T. Mızrak; University of California, San Diego3 Introduction Goal: Fault tolerant forwarding in the face of malicious routers. Approach: Given a routing protocol, the decisions that routers make are predictable. … so this problem is a candidate for anomaly-based intrusion detection Outline Traffic Validation Distributed Detection Countermeasure

4 Alper T. Mızrak; University of California, San Diego4 Traffic Validation Way to tell that traffic isnt disrupted en route Traffic Summary Information: How to concisely represent tv_info r ? The most precise description of traffic at a router an exact copy of that traffic. Many characteristics of the traffic can be summarized far more concisely: Conservation of flow: a counter Conservation of content: a set of fingerprints Conservation of content order: a list of fingerprints a b tv_info a : [f 1, f 2, f 3, f 4 ] tv_info b : [f 2, f 4, f 3 ]

5 Alper T. Mızrak; University of California, San Diego5 Traffic Validation In an idealized network, TV might check tv_info ri = tv_info rj However, real networks occasionally Lose packet due to congestion. Reorder packets due to internal multiplexing. Corrupt packets due to interface errors. Transport protocols deal with such problems. TV needs to notice when such behaviors become excessive. a b tv_info a : [f 1, f 2, f 3, f 4 ] tv_info b : [f 2, f 4, f 3 ]

6 Alper T. Mızrak; University of California, San Diego6 Distributed Detection Detect suspicious path segments, not individual routers. An FD returns a pair (, ) where is a path segment: α -Accuracy: An FD is α -Accurate if, whenever a correct router suspects (, ), then | | α and some router r was faulty during. α -Completeness: An FD is α -Complete if, whenever a router r is faulty at some time t, then all correct routers eventually suspect (, ) such that | | α r was faulty in during containing t.

7 Alper T. Mızrak; University of California, San Diego7 Protocol k+2 A router r monitors all path segments, : has r at one end | | k+2. k is the maximum number of adjacent faulty routers along a path. Properties: k+2 is (k 2)-Accurate: k+2 is (k 2)-Complete. Overhead: This algorithm has reasonable overhead For each forwarded packet compute a fingerprint. Each router must synchronize and authenticate with the other end of each path segment that it monitors. Only path segments between nearby routers are monitored. Dissemination of the suspected path segments can be integrated into the link state flooding mechanism.

8 Alper T. Mızrak; University of California, San Diego8 Response What happens as a result of a detection? Inform the administrator. Immediate action: Ideally would be part of the link state protocol. That excludes suspected path segments from the routing fabric. ab c d is suspected

9 Alper T. Mızrak; University of California, San Diego9 Current Status We have implemented a prototype system, called Fatih. Still work-in-progress

10 Alper T. Mızrak; University of California, San Diego10 The end Thank you…

11 Alper T. Mızrak; University of California, San Diego11 Some protocols WATCHERS [UC, Davis]: 2-accurate Not complete Highly Secure and Efficient Routing [Avrampoulos et al.]: 2-accurate 2-complete Extremely expensive: per packet monitoring, source routing, seq numbers, authentication, reserved buffers, timeouts, increase in packet size Early Detection of Message Forwarding Faults [Herzberg et al.]: 2-accurate 2-complete Suffers from the high overhead. Our own protocol k+2

Download ppt "Detecting Malicious Routers Alper T. Mızrak, Keith Marzullo, Stefan Savage University of California, San Diego."

Similar presentations

Data-Plane Accountability with In-Band Path Diagnosis Murtaza Motiwala, Nick Feamster Georgia Tech Andy Bavier Princeton University.

Data-Plane Accountability with In-Band Path Diagnosis Murtaza Motiwala, Nick Feamster Georgia Tech Andy Bavier Princeton University.
Stable Load Control with Load Prediction in Multipath Packet Forwarding IlKyu Park, Youngseok Lee, and Yanghee Choi Proc. 15 th IEEE Int l conf. on Information.

Stable Load Control with Load Prediction in Multipath Packet Forwarding IlKyu Park, Youngseok Lee, and Yanghee Choi Proc. 15 th IEEE Int l conf. on Information.
University of California, San Diego Fatih : Detecting and Isolating Malicious Routers Alper T Mizrak, Yu-Chung Cheng, Prof. Keith Marzullo, Prof. Stefan.

University of California, San Diego Fatih : Detecting and Isolating Malicious Routers Alper T Mizrak, Yu-Chung Cheng, Prof. Keith Marzullo, Prof. Stefan.
Fault-Tolerant Forwarding in the Face of Malicious Routers Alper T. Mızrak, Keith Marzullo, Stefan Savage University of California, San Diego.

Fault-Tolerant Forwarding in the Face of Malicious Routers Alper T. Mızrak, Keith Marzullo, Stefan Savage University of California, San Diego.
Data and Computer Communications

Data and Computer Communications
A Novel 3D Layer-Multiplexed On-Chip Network

A Novel 3D Layer-Multiplexed On-Chip Network
1 IK1500 Communication Systems IK1330 Lecture 3: Networking Anders Västberg 08-790 44 55.

1 IK1500 Communication Systems IK1330 Lecture 3: Networking Anders Västberg
COS 461 Fall 1997 Routing COS 461 Fall 1997 Typical Structure.

COS 461 Fall 1997 Routing COS 461 Fall 1997 Typical Structure.
Progress Report: Metering NSLP (M-NSLP) 66th IETF meeting, NSIS WG.

Progress Report: Metering NSLP (M-NSLP) 66th IETF meeting, NSIS WG.
Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1

Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1
Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Anand Patwardhan Jim.

Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Anand Patwardhan Jim.
Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung(1203584897) SriramGopinath(1203800749)

Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung( ) SriramGopinath( )
Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung(1203584897) Sriram Gopinath(1203800749)

Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung( ) Sriram Gopinath( )
1 LINK STATE PROTOCOLS (contents) Disadvantages of the distance vector protocols Link state protocols Why is a link state protocol better?

1 LINK STATE PROTOCOLS (contents) Disadvantages of the distance vector protocols Link state protocols Why is a link state protocol better?
15-441: Computer Networking Lecture 26: Networking Future.

15-441: Computer Networking Lecture 26: Networking Future.
Wide Area Networks School of Business Eastern Illinois University © Abdou Illia, Spring 2007 (Week 11, Thursday 3/22/2007)

Wide Area Networks School of Business Eastern Illinois University © Abdou Illia, Spring 2007 (Week 11, Thursday 3/22/2007)
CMPE 80N - Introduction to Networks and the Internet 1 CMPE 80N Winter 2004 Lecture 13 Introduction to Networks and the Internet.

CMPE 80N - Introduction to Networks and the Internet 1 CMPE 80N Winter 2004 Lecture 13 Introduction to Networks and the Internet.
Chapter 10 Introduction to Wide Area Networks Data Communications and Computer Networks: A Business User’s Approach.

Chapter 10 Introduction to Wide Area Networks Data Communications and Computer Networks: A Business User’s Approach.
Sponsored by BellSouth, Cisco, UC Micro Program Design and Development of an MPLambdaS Simulator Jian Wang, Biswanath Mukherjee, S, J, Ben Yoo University.

Sponsored by BellSouth, Cisco, UC Micro Program Design and Development of an MPLambdaS Simulator Jian Wang, Biswanath Mukherjee, S, J, Ben Yoo University.
User-level Internet Path Diagnosis R. Mahajan, N. Spring, D. Wetherall and T. Anderson.

User-level Internet Path Diagnosis R. Mahajan, N. Spring, D. Wetherall and T. Anderson.

Similar presentations

Ads by Google