Secure split assignment trajectory sampling: A malicious router detection system

Sihyung Lee, Tina Wong, Hyong S. Kim

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

9 Scopus citations

Abstract

Routing infrastructure plays a vital role in the Internet, and attacks on routers can be damaging. Compromised routers can drop, modify, mis-forward or reorder valid packets. Existing proposals for secure forwarding require substantial computational overhead and additional capabilities at routers. We propose Secure Split Assignment Trajectory Sampling (SATS), a system that detects malicious routers on the data plane. SATS locates a set of suspicious routers when packets do not follow their predicted paths. It works with a traffic measurement platform using packet sampling, has low overhead on routers and is applicable to high-speed networks. Different subsets of packets are sampled over different groups of routers to ensure that an attacker cannot completely evade detection. Our evaluation shows that SATS can significantly limit a malicious router's harm to a small portion of traffic in a network.

Original languageEnglish
Title of host publicationProceedings - DSN 2006
Subtitle of host publication2006 International Conference on Dependable Systems and Networks
Pages333-342
Number of pages10
DOIs
StatePublished - 2006
EventDSN 2006: 2006 International Conference on Dependable Systems and Networks - Philadelphia, PA, United States
Duration: 25 Jun 200628 Jun 2006

Publication series

NameProceedings of the International Conference on Dependable Systems and Networks
Volume2006

Conference

ConferenceDSN 2006: 2006 International Conference on Dependable Systems and Networks
Country/TerritoryUnited States
CityPhiladelphia, PA
Period25/06/0628/06/06

Fingerprint

Dive into the research topics of 'Secure split assignment trajectory sampling: A malicious router detection system'. Together they form a unique fingerprint.

Cite this