Sciweavers

NETWORK
2008

Detecting compromised routers via packet forwarding behavior

13 years 11 months ago
Detecting compromised routers via packet forwarding behavior
While it is widely understood that criminal miscreants are subverting large numbers of Internet-connected computers (e.g., for bots, spyware, SPAM forwarding), it is less well appreciated that Internet routers are also being actively targeted and compromised. Indeed, due to its central role in end-to-end communication, a compromised router can be leveraged to empower a wide range of direct attacks including eavesdropping, man-in-the-middle subterfuge, and denial of service. In response, a range of specialized anomaly detection protocols has been proposed to detect misbehaving packet forwarding between routers. This article provides a general framework for understanding the design space of this work and reviews the capabilities of various detection protocols. Detecting Compromised Routers via Packet Forwarding Behavior This material is based upon his dissertation research at UCSD. 1 This scheme is also called master-checker, active replication, or state machine approach in the literatu...
Alper Tugay Mizrak, Stefan Savage, Keith Marzullo
Added 14 Dec 2010
Updated 14 Dec 2010
Type Journal
Year 2008
Where NETWORK
Authors Alper Tugay Mizrak, Stefan Savage, Keith Marzullo
Comments (0)