Intrusion Monitoring of Malicious Routing Behavior
Poornima Balasubramanyam, Karl Levitt
Computer Security Laboratory, Department of Computer Science, UCDavis


Slide 2: Security Threats
UCDavis SecLab MURI October 2002
Outsider attacks
- infiltrate routing process
- modify routing information
- cause redirection of network traffic, DoS attacks, etc.
Countermeasure: use of strong integrity mechanisms

Slide 3: Security Threats - Contd.
Insider attacks
- Compromised rogue routers
  - legitimately participate in routing protocol
  - influence local routing behavior
  - actively disrupt global routing behavior
- Integrity mechanisms are in place
  - Routers do not masquerade as other routers
- Integrity mechanisms are not in place
  - Routers masquerade as other routers

Slide 4: Intrusion Monitoring of Networks
- Most intrusion monitoring is fine-grained
  - E.g., network packet analysis
- Some intrusions require higher level monitoring
  - Intrusive behavior may be visible earlier
- Our approach is aimed at multi-grained intrusion monitoring

Slide 5: Sample Network
[Figure: network diagram of an AS with Area 1, Area 2 and Area 3, routers R1 to R13 and hosts H1 and H2]

Slide 6: Link R4-R5 Is Down
[Figure: network diagram of an AS with Area 1, Area 2 and Area 3, routers R1 to R13 and hosts H1 and H2]

Slide 7: Newly Isolated Node - R5; Single Point of Connection - R6
[Figure: network diagram of an AS with Area 1, Area 2 and Area 3, routers R1 to R13 and hosts H1 and H2]

Slide 8: Centrality of R6 greater even if degree of R6 unchanged
[Figure: partial diagram of the AS showing Area 1, Area 2 and Area 3 with routers R4, R5, R6, R10 and R11]

Slide 9: Isolated Node - R5; Centrality of Routers R10, R11, R12 Increases
[Figure: partial diagram of the AS showing Area 1, Area 2 and Area 3 with routers R4, R5, R6, R10, R11 and R12]

Slide 10: Subnet Failure
[Figure: network diagram of an AS with Area 1, Area 2 and Area 3, routers R1 to R13 and hosts H1 and H2]

Slide 11: Link Failure
[Figure: network diagram of an AS with Area 1, Area 2 and Area 3, routers R1 to R13 and hosts H1 and H2]

Slide 12: Second Link Failure - Temporal Failure Correlation
[Figure: network diagram of an AS with Area 1, Area 2 and Area 3, routers R1 to R13 and hosts H1 and H2]

Slide 13: Centrality of R5 Increases Enormously
Result: Large Scale Traffic Redirection
[Figure: network diagram of an AS with Area 1, Area 2 and Area 3, routers R1 to R13 and hosts H1 and H2]

Slide 14: Compromised Routers
Legitimately participate in routing protocol
- Integrity mechanisms are in place
  - Routers do not masquerade as other routers
  - May place themselves in more routing paths
  - Influence local routing behavior
  - Actively disrupt global routing behavior
- Suitable response
  - Place routers out of legitimate routing process before disruption is too great

Slide 15: Compromised Routers - Contd.
Legitimately participate in routing protocol
- Integrity mechanisms are not in place
  - Routers masquerade as other routers
  - Spoofing attack on victim routers
  - Rogue router remains invisible
- Suitable response
  - Re-route overloaded router traffic and enforce traffic congestion control policies

Slide 16: Centrality Analysis
Captures structurally central part of a network
Depends on point of view
- may be nodes with most direct connections to neighbors, or
- nodes that are most connected to network, or
- the nodes that are closest to other points

Slide 17: Degree Centrality
- Number of nodes to which a node is directly linked
- Reflective of potential communication activity
- Measure of vulnerability of node since high degree nodes will be less vulnerable to attack
- Node of low degree is isolated and cut off from active participation in ongoing network activity

Slide 18: Degree Centrality of a node is given by:

Slide 19: Betweenness centrality
- Based on frequency with which a node falls between pairs of other points on shortest paths between them
- Overall index determined by summing partial values for all unordered pairs of points
- Betweenness centrality of a node is greater if it lies on a greater number of shortest paths between other node pairs
- Defines potential for control of communication

Slide 20: Betweenness Centrality of a node
Given nodes and with geodesics (shortest paths) between them, the probability of using any one of these paths is given by

Slide 21: Betweenness Centrality of a Node - Contd.
Thus, if = # of geodesics between and that contain, then the probability that falls on a randomly selected geodesic linking and is given by =

Slide 22: Betweenness Centrality of a node - contd.
The overall centrality of a node is determined by summing the partial probabilities for all unordered pairs of points. Thus, where i ≠ j ≠ k
- When a node falls on the only shortest path between a pair of points, the centrality of the point increments by 1
  - applicable in straightforward routing
- With alternate geodesics, the centrality index grows in proportion to the frequency of occurrence of that node among the alternatives
  - applicable in equal-cost multi-path routing

Slide 23: Computation of betweenness centrality
- Traditional summation methods are very costly, requiring O(n^3) time and O(n^2) space for n nodes and e edges

Slide 24: Approaches to resolve computational issues
Modified definitions
- egocentric approach
- simplified egocentric approaches
Heuristics
- Exploit sparsity of connections in large networks
- Exploit correlation between degree centrality and betweenness centrality

Slide 25: Recent Work in Intra-domain Routing Protocols (Application to OSPF)
- Modified Definition of Betweenness Centrality:
  - Centrality of a node is determined with respect to root router of SPF tree
- Advantages
  - Each router independently computes betweenness centrality indices of other routers
  - Piggyback betweenness centrality computation within Dijkstra SPF algorithm at each router
  - Each router can adopt independent response decisions based on this metric
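
One reading of the root-relative definition on this slide, as an added example (not code from the presentation): a Dijkstra SPF run from the root router that also counts equal-cost geodesics and credits each router with the fractional shares described on slide 22. The accumulation step is the single-source dependency accumulation from Brandes' algorithm, used here as a stand-in for the authors' unspecified method; the topology, function names and `min_rise` threshold are assumptions.

```python
import heapq
from collections import defaultdict

def root_betweenness(links, root):
    """Dijkstra SPF from `root` that also counts equal-cost geodesics, then
    credits each router v with sum over destinations t of
    (geodesics root->t through v) / (geodesics root->t)."""
    adj = defaultdict(list)
    for (a, b), cost in links.items():          # undirected links, integer cost > 0
        adj[a].append((b, cost))
        adj[b].append((a, cost))
    dist, sigma, preds = {root: 0}, defaultdict(float), defaultdict(list)
    sigma[root] = 1.0
    order, done, heap = [], set(), [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if u in done:
            continue                             # stale heap entry
        done.add(u)
        order.append(u)
        for v, cost in adj[u]:
            nd = d + cost
            if v not in dist or nd < dist[v]:    # strictly better path
                dist[v], sigma[v], preds[v] = nd, sigma[u], [u]
                heapq.heappush(heap, (nd, v))
            elif nd == dist[v]:                  # equal-cost alternative (ECMP)
                sigma[v] += sigma[u]
                preds[v].append(u)
    delta = defaultdict(float)
    for w in reversed(order):                    # farthest routers first
        for u in preds[w]:
            delta[u] += sigma[u] / sigma[w] * (1.0 + delta[w])
    return {v: delta[v] for v in order if v != root}

def centrality_shift(before, after, root, min_rise=1.0):
    """Routers whose root-relative centrality rose by at least `min_rise`."""
    b, a = root_betweenness(before, root), root_betweenness(after, root)
    return {r: (b.get(r, 0.0), a[r]) for r in a if a[r] - b.get(r, 0.0) >= min_rise}

# Constructed six-router topology (not the slides' figure); every link has cost 1.
LINKS_BEFORE = {("R1", "R2"): 1, ("R1", "R3"): 1, ("R2", "R4"): 1,
                ("R3", "R4"): 1, ("R4", "R5"): 1, ("R4", "R6"): 1}
# Same topology after link R1-R3 is withdrawn from the link-state database.
LINKS_AFTER = {k: c for k, c in LINKS_BEFORE.items() if k != ("R1", "R3")}

if __name__ == "__main__":
    print(root_betweenness(LINKS_BEFORE, "R1"))
    print(centrality_shift(LINKS_BEFORE, LINKS_AFTER, "R1"))
```

In the constructed topology R2 and R3 each carry half of the equal-cost paths from R1 before the failure; once R1-R3 is gone, R2 sits on every shortest path from the root, which is the kind of jump a router could act on locally.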

Slide 26: Centrality Analysis in Ad hoc Networks
- Points of Interest
  - Absence of communication infrastructure
  - Each mobile node must also perform the duties of router
  - Dynamically establish routing among themselves to form ad hoc network
- Routing Protocols being considered
  - Two routing protocols considered for standardization by IETF, namely, DSR and AODV
  - Hybrid ad hoc routing protocols that employ clustering and hierarchical techniques

Slide 27: Ongoing Work
For each of DSR, AODV, other hybrids:
- Develop functionality that abstracts global centrality information locally
- Study role of heuristics in addressing computational issues
  - Ego-centric approaches
  - Correlation studies
- Study limits of approach

Slide 28: Ongoing Work - contd.
Simulate intrusive behavior of malicious ad hoc hosts involving
- dense, complex networks
- with high node mobility and
- substantial dynamic topologies

Slide 29: Specific Tasks
- Modify ns-2 simulator modules to support elements of centrality analysis within ad hoc routing protocols
- Performance analysis of estimates of centrality in presence of both node mobility and dynamic topologies as well as under specific node failure/link failure scenarios

Slide 30: Fundamental Motivation for Monitoring Routing
- Provide a systematic framework for developing security specifications/constraints establishing bounds for secure network behavior
- Create a more secure enhancement to an existing protocol
- Develop a response mechanism for
  - Isolating intrusive behavior of a malicious node
  - Use as a QoS metric to prevent traffic congestion
Aspects to this study
- describe knowledge available to each router
- As a response mechanism, study feasibility of employing this information as a metric for –

Slide 31: Conclusions
- Abstract global network control behavior locally at a router
- Capture changing topology to detect network wide routing attacks
- Early detection possible
- Subverting such monitoring harder
- Selectively misrouted packets not detected with this approach

