Open Access Open Access  Restricted Access Subscription Access
Open Access Open Access Open Access  Restricted Access Restricted Access Subscription Access

Detecting and Isolating Malicious Packet Losses


Affiliations
1 Department of CSE, EGSPEC, Nagapattianam, India
2 Department of EEE, EGSPEC, Nagapattianam, India
     

   Subscribe/Renew Journal


Consider the problem of detecting whether a compromised router is maliciously manipulating its stream of packets. The concerned with a simple yet effective attack in which a router selectively drops packets destined for some victim. Modern networks routinely drop packets when the load temporarily exceeds their buffering capacities. Previous detection protocols have tried to address this problem with a user-defined threshold: too many dropped packets imply malicious intent. This heuristic is fundamentally unsound; setting this threshold is, at best, an art and will certainly create unnecessary false positives or mask highly focused attacks. They have designed, developed, and implemented a compromised router detection protocol that dynamically infers, based on measured traffic rates and buffer sizes, the number of congestive packet losses that will occur. Once the ambiguity from congestion is removed, subsequent packet losses can be attributed to malicious actions

Keywords

Internet Dependability, Intrusion Detection and Tolerance, Distributed Systems, Reliable Networks, Malicious Routers.
User
Subscription Login to verify subscription
Notifications
Font Size

Abstract Views: 243

PDF Views: 2




  • Detecting and Isolating Malicious Packet Losses

Abstract Views: 243  |  PDF Views: 2

Authors

K. Balasubramanian
Department of CSE, EGSPEC, Nagapattianam, India
R. Anandraj
Department of EEE, EGSPEC, Nagapattianam, India

Abstract


Consider the problem of detecting whether a compromised router is maliciously manipulating its stream of packets. The concerned with a simple yet effective attack in which a router selectively drops packets destined for some victim. Modern networks routinely drop packets when the load temporarily exceeds their buffering capacities. Previous detection protocols have tried to address this problem with a user-defined threshold: too many dropped packets imply malicious intent. This heuristic is fundamentally unsound; setting this threshold is, at best, an art and will certainly create unnecessary false positives or mask highly focused attacks. They have designed, developed, and implemented a compromised router detection protocol that dynamically infers, based on measured traffic rates and buffer sizes, the number of congestive packet losses that will occur. Once the ambiguity from congestion is removed, subsequent packet losses can be attributed to malicious actions

Keywords


Internet Dependability, Intrusion Detection and Tolerance, Distributed Systems, Reliable Networks, Malicious Routers.