Real-time protocol analysis for detecting link-state routing protocol attacks

Authors:
Ho-Yen Chang;S. Felix Wu;Y. Frank Jou
Affiliations:
Ericsson IP Infrastructure, Raleigh, NC;Univ. of California at Davis, Davis;Advanced Networking Research, MCNC, RTP, NC
Venue:
ACM Transactions on Information and System Security (TISSEC)
Year:
2001

Citing 13
Cited 5

An Intrusion-Detection Model

IEEE Transactions on Software Engineering - Special issue on computer security and privacy
Protocol verification made simple: a tutorial

Computer Networks and ISDN Systems - Special issue on protocol specification, testing and verification
A theory of timed automata

Theoretical Computer Science
Routing in the Internet

Routing in the Internet
State Transition Analysis: A Rule-Based Intrusion Detection Approach

IEEE Transactions on Software Engineering
Self-stabilizing systems in spite of distributed control

Communications of the ACM
OSPF: Anatomy of an Internet Routing Protocol

OSPF: Anatomy of an Internet Routing Protocol
Distributed Algorithms

Distributed Algorithms
Introduction To Automata Theory, Languages, And Computation

Introduction To Automata Theory, Languages, And Computation
Reducing The Cost Of Security In Link-State Routing

SNDSS '97 Proceedings of the 1997 Symposium on Network and Distributed System Security
An experimental study of insider attacks for OSPF routing protocol

ICNP '97 Proceedings of the 1997 International Conference on Network Protocols (ICNP '97)
Automatic alarm correlation for fault identification

INFOCOM '95 Proceedings of the Fourteenth Annual Joint Conference of the IEEE Computer and Communication Societies (Vol. 2)-Volume - Volume 2
An Immunological Approach to Change Detection: Algorithms, Analysis and Implications

SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy

Abstraction-based intrusion detection in distributed environments

ACM Transactions on Information and System Security (TISSEC)
Experimental analysis of attacks against intradomain routing protocols

Journal of Computer Security
New architecture for intra-domain network security issues

Communications of the ACM - Entertainment networking
Theoretical bounds on control-plane self-monitoring in routing protocols

Proceedings of the 2007 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
A Framework for Large-Scale Detection of Web Site Defacements

ACM Transactions on Internet Technology (TOIT)

Quantified Score

Hi-index	0.00

Visualization

Abstract

A real-time knowledge-based network intrusion-detection model for a link-state routing protocol is presented for the OSPF protocol. This model includes three layers: a data process layer to parse packets and dispatch data; and event abstractor to abstract predefined real-time events for the link-state routing protocol; and an extended timed finite state machine to express the real-time behavior of the protocol engine and to detect intrusions by pattern matching. The timed FSM, called the JiNao Finite State Machine (JFSM) is extended from the conventional FSM with timed states, multiple timers, and time constraints on state transitions. The JFSM is implemented as a generator that can create and FSM by constructing the configuration file only. The results show that this approach is very effective for detecting real-time intrusions. Our approach can be extended for use in other network protocol intrusion-detection systems, especially for those with known attacks.