SlideShare a Scribd company logo

Detecting Malicious Dropping Attack in the Internet

I
IDES Editor

The current interdomain routing protocol, Border Gateway Protocol, is limited in implementations of universal security. Because of this, it is vulnerable to many attacks at the AS to AS routing infrastructure. Initially, the major concern about BGP security is that malicious BGP routers can arbitrarily falsify BGP routing messages and spread incorrect routing information. Recently, some authors have pointed out the impact of a type of attack, namely selective dropping or malicious dropping attack that has not studied before. The malicious draping attack can result in data traffic being blackholed or trapped in a loop. However, the authors did not elaborate on how one can detect such attacks. In this paper, we discuss and analyse a method that can be used to detect malicious dropping attacks in the Internet.

Technology
1 of 5
Download to read offline
ACEEE Int. J. on Network Security, Vol. 02, No. 01, Jan 2011 Detecting Malicious Dropping Attack in the Internet Lata L. Ragha1, B. B. Bhaumik2, and S. K. Mukhopadhyay3 1 Ramrao Adik Institute of Technology, Department of Computer Engineering, Nerul, Navi Mumbai, India Email: lata.ragha@gmail.com 2 Jadavpur University, Department of Computer Science and Engineering, Kolkata, India Email: bbbhaumik@yahoo.com 3 CA-30, Salt Lake, Sector-1, Kolkata-700064, India Email: mukho_s@hotmail.com Abstract— The current interdomain routing protocol, Border mechanisms, cannot protect routing protocols against some Gateway Protocol, is limited in implementations of universal kind of attacks. In [7], the authors describe one such attack, security. Because of this, it is vulnerable to many attacks at namely the malicious or selective dropping attack, which the AS to AS routing infrastructure. Initially, the major can cause data traffic blackhole and persistent traffic loop. concern about BGP security is that malicious BGP routers However, the authors do not present any technique to can arbitrarily falsify BGP routing messages and spread incorrect routing information. Recently, some authors have detect such attacks. pointed out the impact of a type of attack, namely selective In this paper, we describe a scheme, presented in [8], dropping or malicious dropping attack that has not studied used for detecting Instability in BGP and by using the same before. The malicious draping attack can result in data traffic technique we proposed a method for detecting malicious being blackholed or trapped in a loop. However, the authors dropping attacks in the Internet. This scheme is based on did not elaborate on how one can detect such attacks. In this adaptive segmentation of feature traces extracted from paper, we discuss and analyse a method that can be used to BGP update messages and exploiting the temporal and detect malicious dropping attacks in the Internet. spatial correlations in the traces for robust detection of the instability events. The route change information is used to Index Terms— Internet Routing Security, Selective or pinpoint the culprit ASes where the instabilities have malicious Dropping Attacks, BGP, Instability Analysis, Malicious Routers. originated. When this scheme cannot identify the instability source, it will probe its neighboring routers to see if they can identify the source of instability. Once the source of I. INTRODUCTION instability is identified, the stable route database will check Border Gateway Protocol (BGP) is the de facto to see if a malicious dropping attack is embedded within interdomain routing protocol [1]. Current Internet consists this burst of BGP UPDATES. If an attack is suspected, of many Autonomous Systems (ASes) connected by then a warning message will be flooded (with limited interdomain (inter-AS) links. Each AS is a set of routers scope) across the BGP routers in the Internet. that have the same routing policy within a single administrative domain. BGP is responsible for discovery II. MALICIOUS DROPPING ATTACK and maintenance of paths between ASes in the Internet. BGP routers exchange routing information via two types of BGP is a policy routing, path vector protocol. UPDATE messages: namely route withdrawal and route According to the inbound and outbound policies, BGP announcement. When a BGP router receives an UPDATE router may legitimately suppress some UPDATES. The from its neighboring BGP router, this message will be authors in [7] define two consistency properties for correct processed, stored, and redistributed in accordance with both BGP operation. In this model the notations: peer(u) BGP specification and the routing policies of the local AS. denotes the set of peers for node (AS) u, rib-in (u<=w) Previously, the major concern about BGP security is the denote node u’s most recently received message from peer authenticity and integrity of BGP UPDATES, especially w, rib(u) denotes the best path that u adopts and stores route origin information and AS path information stored in in the local-RIB, rib-out(u=>w) denotes the route that u the AS_PATH attribute. Incorrect UPDATES, due to either advertises to w. BGP router misconfiguration or malicious attack, may The properties defined by the authors in [7] are cause serious problems to the global Internet. Some duplicated below: countermeasures have been proposed to mitigate BGP 1. a) If rib(u) there must v peers(u) vulnerabilities. To protect BGP session from spoofed BGP [rib-in(u<=v)=rib(u)]. UPDATES sent by outsiders, TCP MD5 signature [2] using b) If rib(u) = , rib-in(u<=v) can be arbitrary. shared secret key between two BGP routers was proposed. a) For any w peers(u), if rib- S-BGP[3] and SoBGP[4] apply cryptography to prevent an out(u=>w) then rib-out(u=>w) = u attacker (either insider or outsider) from advertising faulty o rib(u). BGP messages or tampering normal messages. However, as b) It is possible that when rib(u) , there noted in [5], [6], [7], cryptography-based security exists 27 © 2011 ACEEE DOI: 01.IJNS.02.01.141
ACEEE Int. J. on Network Security, Vol. 02, No. 01, Jan 2011 rib-out(u=>w) = where w peers(u). preference value to the route learned from R1 than the The two properties listed above are legitimate properties route learned from R3 so that R2 uses (AS1, AS4, AS5) as that allow a BGP router at node u to drop BGP UPDATES. the best AS path. Initially, in the stable state, every router Property 1(a) implies node u can select a route from one chooses the correct next hop for the destination network. peer but drop the routes it received from the others. Same as the first example, we cut the link between R3 Property 1(b) indicates that node u does not have to use the and R5. Consequently, R3 sends route withdrawal to R1 route announced by node v to reach a particular destination and R2. R1 maliciously drops this incoming message and even though node u has no route. Property 2(a) guarantees still uses the route (AS3, AS5). When R2 receives the that no policy allows node u to use one route but announce withdrawal message, R2 uses the route (AS1, AS4, AS5) the other route to its peers. Property 2(b) indicates a policy and sends this route back to R3. Finally, R3 uses the route to authorize node u not to transit the traffic for node v even (AS2, AS1, AS4, AS5). From the routing policies, we can though node u can reach a particular destination. see that the loop has been formed. For the route to AS5, R3 Any BGP dropping that is not consistent to these two sets R2 as next hop, R2 sets R1 as next hop, R1 sets R3 as properties will be classified as malicious dropping. The next hop. and this can result in traffic blackhole and persistent traffic loop. III. SECURITY SOLUTIONS A. Blackhole The solution space for securing the global routing In the example network shown in Figure 1, we assume system can be broadly divided into three areas: prevention, that each node represents an AS, there is a BGP router mitigation, and detect-and-react. associated with each AS. A. Prevention The proposed secure BGP solutions in this category are based on cryptographic authentications [3], [9], [10], [11]. Unfortunately these solutions share some obstacles and effectively blocked the road towards actual deployment. The absence of a global PKI infrastructure in today’s Internet, The high computational overhead of verifying BGP Figure 1. Example network to show blackhole and rooting loop update signatures, The requirement of changing implementations of all The target network is owned by AS5. We study the routers to achieve effective protection. routes to this network in five BGP routers. In the initial stable state, R1 uses (AS3, AS5) as the best AS path to B. Mitigation reach the target network. R1 uses R3 as the next hop. When Even though many authors proposed different we cut the link between R3 and R5, under normal approaches to mitigate the attacks [12], [13], [14] through circumstances, R1 will remove (AS3, AS5) from the BGP observing each router for the origin ASes and AS paths of routing table and select (AS4, AS5) the best path. This path the routes over time, and defer the adaption to any sudden will be announced to AS2, which will use the path (AS1, route changes till the changes can be verified through other AS4, AS5). In the forwarding table, for the entry of the means, these approaches does not scale as a general particular network of AS5, R1 sets R4 as the next hop, R2 solutions for all prefixes. and R3 set R1 as the next hop. However, if R3 is malicious, it can hijack the normal traffic to the target network by C. Detect-and-React malicious dropping attack. In this example, we let R3 hold Over the years a number of detection-based security the withdrawal messages to R1 and only send a withdrawal solutions have been developed [13], [15], [16] and even message to R2. Consequently, although R1 receives the deployed. All the techniques usually have two basic route withdrawal from R2, it will still use R3 as next hop to components: a monitoring infrastructure that collects BGP deliver traffic to the network of AS5. Therefore, all the routing update information, and a user profile that provides traffic from AS1 will be blackholed by R3. the ground truth of the network being observed. One fundamental advantage of detection-based mechanisms is B. Routing Loop the ease of deployment and they do not require any change The same example network is used to explain about the in the operational system. Any of the proposed solutions of persistent routing loop. The target network is still instability detection in the Internet can be used to detect considered in AS5. The major difference from the first malicious dropping attacks. example network is that R3 is a normal node whereas R1 is malicious. R1 selectively drops outgoing route IV. INSTABILITY DETECTION announcements to R2 in the beginning. In the example, R1 sets (AS3, AS5) as the best path, yet drops the route update A methodology for identifying the source of instability to R2. It announces (AS1, AS4, AS5) to R2 instead of is described in literature [8]. The scheme is based on announcing the current route stored in the Loc-RIB. R3 adaptive segmentation of feature traces extracted from announces (AS3, AS5) to R2. R2 sets a larger local BGP update messages and exploiting the temporal and spatial correlations in the traces for robust detection of the 28 © 2011 ACEEE DOI: 01.IJNS.02.01.141
ACEEE Int. J. on Network Security, Vol. 02, No. 01, Jan 2011 instability events. Then the route change information is AS Path Length used to pinpoint the culprit ASes where the instabilities Routing instabilities cause established paths to become have originated. unavailable or may result in certain destinations being unreachable. As a result, instabilities are characterized by A System Architecture route withdrawals and the BGP path exploration process to This section presents a description of the architecture of find an alternative route to the same destination. the system and its components and their functions [8]. This Under such circumstances, it has been observed that the system can be broadly described as a two part scheme: the occurrence of many routes with abnormally long AS path first part detects the BGP instability events while the lengths. This is because in the absence of stable paths of second pinpoints the source of the instability. shorter lengths, BGP routers try to use longer alternative Feature Extractor: It performs the basic function of paths. Authors used the length of the AS paths received parsing the needed features from the BGP update messages from a peer as one of features and define it as: received by a router from its peers. It separates the update messages received from different peers into different ASPL = { Xij = (x0, x1, …); i = 1,…, Ml ; j = 1,…, NP } datasets and then performs the necessary parsing on these datasets to obtain the feature traces. The features are Where, Xij is a time series of the number of messages extracted on data collected every 5 minutes in order to limit with AS path length = i, received over every 5 minute the rate at which data needs to be processed. interval from peer number j, Ml is the maximum observed AS path length value and NP is the number of peers of the local BGP router. AS Path Edit Distance During instability, not only are a large number of long AS paths exchanged but also a large number of “rare” AS paths are advertised. We quantify the latter effect by treating AS paths received in consecutive messages as strings and obtaining edit distances between them as a measure of their dissimilarity. The AS path edit distance feature set is defined as: ASPED ={ Xij = (x0, x1, …); i = 1,…, Med ; j = 1,…, NP } Where, Xij is a time series of the number of messages Figure 2. Architecture of the detection and root cause location scheme with AS path edit distance i, received over every 5minute Change Detector: The important function of tracking interval from peer number j and Med is the maximum the behavior of the feature time series and detecting when a observed AS path edit distance value. substantial change occurs in them is performed here. The Message Volume change detection is performed for every feature trace Interdomain routing instabilities also exhibit a sharp and extracted from each peer separately, in parallel. sustained increase in the number of announcement and Alarm Correlator: It is used to make the detection withdrawal messages exchanged by the BGP routers [8]. robust against feature volatility. It implements the The volume of announcement and withdrawal messages as algorithm to establish whether the alarms obtained from the possible features that can be used to detect instabilities is different feature traces for the same peer are correlated. considered. These features are defined as The correlation is checked across different combinations of features using a decision tree based mechanism. AVi = { Xi = [ x(0), x(1),…] }, ∀i = 1,2,..,NP Alarm Classifier: It helps in identifying the location of WVi = { Yi =[ y(0), y(1),…] }, ∀i = 1,2,..,NP occurrence of the root cause event that caused the instabilities. It uses the AS-path data for this purpose. Where Xi and Yi are the time series of the number of announcements and withdrawals received in each interval B Feature Selection from peer number i, respectively. When a route or node failure occurs, each BGP router C Detection of Instabilities initiates a path exploration process for the failed routes. The path exploration process involves the exchange of This section describes the detection mechanism used in route withdrawal and announcement messages between [8]. The detection scheme is based on adaptive sequential BGP routers. These update messages show certain segmentation. The core of the segmentation is change characteristics that are specific to periods of instability and detection using a Generalized Likelihood Ratio (GLR) form the features used by our instability detection based hypothesis test. The segment boundary detection mechanism. From the BGP update messages received by a mechanism uses the GLR test to detect change points. This router, authors identify and extract features that are used to step is followed by a process to optimize the segment differentiate between BGP’s behavior during normal and boundary position (figure 3. anomalous periods 29 © 2011 ACEEE DOI: 01.IJNS.02.01.141
ACEEE Int. J. on Network Security, Vol. 02, No. 01, Jan 2011 routing table. If this troubled link is used in any best-path route, then the detection module returns a true (indicating that there is a possible malicious dropping attack). Otherwise, the detection module returns a false (no indication of malicious dropping attack). The pseudo code of the malicious dropping attack detection module is explained below in Figure 4. Detect_Dropping(u,t)//u is a cluster of updates at time period t { // this is used to monitor AS to report instability and dropper instability=Locate(u); // running locating algorithm try to // find instability if (instability == NULL) // if not found {instability=Ask_Neighbor(n, t); //ask peer upto n hops if (instability == NULL) { error(“can’t find instability!”); return; } } report instability, t; // if instability found dropper=Check_RT(instability, current_node); if (dropper != NULL) { report dropper, t; return; } return; } Figure 3. Algorithm for change detection and boundary position optimization [8] Figure 4: Malicious dropping attack detection procedure The change detection and boundary position optimization processes of Algorithm shown in figure 3 are We illustrate our proposed attack detection method applied to each feature trace and the change points detected using an example based on the network topology shown in are termed per-feature-trace alarms. The temporal Figure 5. We assume that each node represents an AS, correlations between the per-feature-trace alarms are used there is a BGP router associated with each AS and there is to reduce false alarms and make the detection process more a BGP peer session between the BGP routers if there is a robust against volatility of feature traces. The clustering of link exists between two nodes. the per-feature-trace alarms is done by using the time difference between them as a distance measure. Then a majority voting rule that requires the largest cluster to have alarms from more than half the number of feature traces is used to generate the final alarm. D Detection of Root cause location In order to locate the root-cause-AS, we need to find the first-changed-AS. The method that used here to find the first-changed-AS is an extension of the AS path edit distance feature extraction process. E Detection of Malicious dropping attacks The detection mechanism can be used to test and detect various types of instability events like: worm attack, Figure 5. Example of network topology equipment failure and BGP misconfiguration and hijack events. In case of hijacking if the downstream ASes did not Assume that link 5-6 is broken and this results in a burst have correct filters in plane, can cause a major instability of BGP update messages. If there is no malicious/selective and it is difficult to locate unique source of instability. dropping attack, and the proposed method is implemented We use the same methodology described in [8] to in any one of the routers, the source of instability can be extract BGP updates and locate the source of instability. easily located and the alarm message will be issued to all The difference is when the locating instability procedure the routers. However, if the link 5-6 is broken and at the fails to locate a unique source of instability; we allow that same time, the router in AS6 launches a malicious dropping observation point to probe its neighbors to see if they can attack towards AS11, then ASes 11, 18, 19, 20 cannot identify the source of instability. Based on these additional locate the source of the instability. AS11 can verify the information provided by its neighbors, an observation point source of instability after it has asked its neighboring may then be able to identify the source of instability. Next, routers i.e. AS10 and AS12 for information on the source this observation point will check its current routing table to of instability that they have identified for the same burst. see if the troubled inter-AS link is used in any current Upon receiving the information from AS10 and AS12, 30 © 2011 ACEEE DOI: 01.IJNS.02.01.141
ACEEE Int. J. on Network Security, Vol. 02, No. 01, Jan 2011 AS11 was able to check its routing table and discover a message, the damaged cost can be reduced to zero. We discrepancy about the status of the inter-AS link 5-6. Thus, intend to implement and analyze this proposed method by AS11 was able to detect a potential malicious/selective using NS-BGP simulator. dropping attack. AS11 can then issue a warning message which is propagated with limited scope across the network. REFERENCES The warning message contains information about the [1] Y. Rekhter and T. Li, “Border Gateway Protocol 4”, RFC identifier of the malicious router and any suspected broken 1771, SRI Network Information Center, July, 1995. links that are not reported. Such warning messages are authenticated so that attackers will not issue forged [2] A. Heffernan, “Protection of BGP sessions via the TCP MD5 signature option”, RFC 2385, SRI Network Information warning messages to confuse neighbors. BGP router Center, August, 1998 identity authentication approach proposed in S-BGP[4] can be used for authenticating warning messages. [3] S. Kent et al, “Secure Border Gateway Protocol (S-BGP)”, IEEE Journal on Selected Areas in Communications, In the above example, without the neighbour probing Volume18 Issue 4, April, 2000 technique, five of the AS routes will use an AS path that goes through the broken link as a result of the malicious [4] C. Kruegel et al, “Topology-based detection of anomalous dropping attack. With the neighbour probing technique, BGP messages”, Proceedings of 6th Symposium on Recent only three of the AS routes will use an AS path that goes Advanced in Intrusion Detection (RAID), 2003. through the broken link if no warning message is issued. If [5] S. M. Belovin and E. R. Gansner, “Using Link Cuts to attack the warning message is flooded across the whole network, Internet Routing”, draft, May 2003. then no AS will utilize a path that goes through the broken [6] S. M. Belovin, “Routing Security”, Talk at British Columbia inter-AS link and hence the damaged cost is reduced to 0. Institute of Technology, June 2003. One potential limitation of this technique is that unless a [7] K. Zhang, X. Zhao, F. Wu, “An analysis of Selective router has peers with at least 2 or 3 other routers, this router Dropping Attack in BGP“, Proceedings of IEEE IPCCC, will not be able to get additional information to help it April, 2004. locate the source of instability as well as detect any [8] Shivani Deshpande, Marina Thottan, Tin K. H. And Biplab potential malicious router that selectively drops BGP Sikdar, “An Online Mechanism for BGP Instability updates. Detection and Analysis”, IEEECSI, 2009. F Implementation [9] J. Ng. “Extensions to BGP to Support Secure Origin BGP”, fttp://ftpeng.cisco.com/sobgp/drafts/draft-ng-sobgp-bgp- Initially we are planning to implement the proposed extensions-02.txt, April 2004. method in NS-BGP simulator and later by using SSFNet. We are thinking for the topology with different weights for [10] G. Huston and G. Michaelson, “Validation of Route Origination in BGP using the Resource Certificate PKI”, different AS links based on the traffic load each carries or Internet Draft, IETF, 2008. the number of different AS routes that use a particular AS link. We are also thinking of possible solutions to address [11] S. S. M. Zhao and D. Nicol, “Aggregated path authentication for efficient BGP Security”, in 12th ACM Conference on several issues: Computer and Communications Security, November 2005. First, we need to propose a method for adding two new BGP message types for neighbor probing and warning [12] L. Wang, X. Zhao, D. Pei, R. Bush, D. Massey, A. Mankin, purposes. Next, one needs to carefully think about the S. Wu, and L. Zhang, “ Protecting BGP Routes to Top Level DNS Servers”, in Proceedings of the ICDCS 2003. scope of the warning message distribution. [13] J. Karlin, S. Forrest, and J. Rexford, “Pretty good BGP: V. CONCLUSION Improving BGP by cautiously adopting routes”, in Proceedings of the 14th IEEE International Conference on In this paper, we have described a method used for Network Protocols, 2006. detecting instabilities in the internet along with detection of [14] Z. Zhang, Y. Zhang, Y. C. Hu, and Z. M. Mao, “Practical root cause location. We also explained a neighbor probing defenses against BGP prefix hijacking”, in Proceedings of scheme for detecting malicious dropping attacks in the the ACM CoNEXT conference, 2007. Internet. The different network topologies have been [15] Y. J. Chi, R. Oliveira, and L. Zhang, “Cyclops: the AS-level theoretically analyzed to evaluate the effectiveness of our connectivity observatory”, SIGCOMM Computer proposed scheme. It is further analyzed that when the Communications, 2008. http://cyclops.cs.ucla.edu. method detects the presence of potential malicious router, [16] M. Lad, D. Massey, D. Pei, Y. Wu, B. Zhang, and L. Zhang, the damage cost can be reduced to certain percentage “PHAS: A prefix hijack alert system” in 15th USENIX without deploying the warning message. With the warning Security Symposium, 2006. 31 © 2011 ACEEE DOI: 01.IJNS.02.01.141

Recommended

A precise termination condition of the probabilistic packet marking algorithm...
A precise termination condition of the probabilistic packet marking algorithm...A precise termination condition of the probabilistic packet marking algorithm...
A precise termination condition of the probabilistic packet marking algorithm...
Mumbai Academisc
 
A Neighbor Coverage-Based Probabilistic Rebroadcast for Reducing Routing Ove...
A Neighbor Coverage-Based Probabilistic Rebroadcast for Reducing Routing Ove...A Neighbor Coverage-Based Probabilistic Rebroadcast for Reducing Routing Ove...
A Neighbor Coverage-Based Probabilistic Rebroadcast for Reducing Routing Ove...
IJMER
 
Energy Saving DSR and Probabilistic Rebroadcast Mechanism are used to Increas...
Energy Saving DSR and Probabilistic Rebroadcast Mechanism are used to Increas...Energy Saving DSR and Probabilistic Rebroadcast Mechanism are used to Increas...
Energy Saving DSR and Probabilistic Rebroadcast Mechanism are used to Increas...
IJTET Journal
 
Study and analysis vurnerability of aodv protocol
Study and analysis vurnerability of aodv protocolStudy and analysis vurnerability of aodv protocol
Study and analysis vurnerability of aodv protocol
Mehedi
 
AN EFFICIENT IP TRACEBACK THROUGH PACKET MARKING ALGORITHM
AN EFFICIENT IP TRACEBACK THROUGH PACKET MARKING ALGORITHMAN EFFICIENT IP TRACEBACK THROUGH PACKET MARKING ALGORITHM
AN EFFICIENT IP TRACEBACK THROUGH PACKET MARKING ALGORITHM
IJNSA Journal
 
01 08 ciphering
01 08 ciphering01 08 ciphering
01 08 ciphering
Ericsson Saudi
 
Secure routing and data transmission in mobile
Secure routing and data transmission in mobileSecure routing and data transmission in mobile
Secure routing and data transmission in mobile
IJCNCJournal
 
SIMULATION OF THE COMBINED METHOD
SIMULATION OF THE COMBINED METHODSIMULATION OF THE COMBINED METHOD
SIMULATION OF THE COMBINED METHOD
IJNSA Journal
 

Recommended

A precise termination condition of the probabilistic packet marking algorithm...
A precise termination condition of the probabilistic packet marking algorithm...A precise termination condition of the probabilistic packet marking algorithm...
A precise termination condition of the probabilistic packet marking algorithm...
Mumbai Academisc
 
A Neighbor Coverage-Based Probabilistic Rebroadcast for Reducing Routing Ove...
A Neighbor Coverage-Based Probabilistic Rebroadcast for Reducing Routing Ove...A Neighbor Coverage-Based Probabilistic Rebroadcast for Reducing Routing Ove...
A Neighbor Coverage-Based Probabilistic Rebroadcast for Reducing Routing Ove...
IJMER
 
Energy Saving DSR and Probabilistic Rebroadcast Mechanism are used to Increas...
Energy Saving DSR and Probabilistic Rebroadcast Mechanism are used to Increas...Energy Saving DSR and Probabilistic Rebroadcast Mechanism are used to Increas...
Energy Saving DSR and Probabilistic Rebroadcast Mechanism are used to Increas...
IJTET Journal
 
Study and analysis vurnerability of aodv protocol
Study and analysis vurnerability of aodv protocolStudy and analysis vurnerability of aodv protocol
Study and analysis vurnerability of aodv protocol
Mehedi
 
AN EFFICIENT IP TRACEBACK THROUGH PACKET MARKING ALGORITHM
AN EFFICIENT IP TRACEBACK THROUGH PACKET MARKING ALGORITHMAN EFFICIENT IP TRACEBACK THROUGH PACKET MARKING ALGORITHM
AN EFFICIENT IP TRACEBACK THROUGH PACKET MARKING ALGORITHM
IJNSA Journal
 
01 08 ciphering
01 08 ciphering01 08 ciphering
01 08 ciphering
Ericsson Saudi
 
Secure routing and data transmission in mobile
Secure routing and data transmission in mobileSecure routing and data transmission in mobile
Secure routing and data transmission in mobile
IJCNCJournal
 
SIMULATION OF THE COMBINED METHOD
SIMULATION OF THE COMBINED METHODSIMULATION OF THE COMBINED METHOD
SIMULATION OF THE COMBINED METHOD
IJNSA Journal
 
A survey on mitigation methods to black hole attack on aodv routing protocol
A survey on mitigation methods to black hole attack on aodv routing protocolA survey on mitigation methods to black hole attack on aodv routing protocol
A survey on mitigation methods to black hole attack on aodv routing protocol
Alexander Decker
 
COMPARATIVE STUDY OF IP TRACEBACK TECHNIQUES
COMPARATIVE STUDY OF IP TRACEBACK TECHNIQUESCOMPARATIVE STUDY OF IP TRACEBACK TECHNIQUES
COMPARATIVE STUDY OF IP TRACEBACK TECHNIQUES
Journal For Research
 
Performance analysis of aodv protocol on blackhole attack
Performance analysis of aodv protocol on blackhole attackPerformance analysis of aodv protocol on blackhole attack
Performance analysis of aodv protocol on blackhole attack
Mehedi
 
Grayhole
GrayholeGrayhole
Grayhole
Kumud Dixit
 
C0331215
C0331215C0331215
C0331215
iosrjournals
 
Ijctt v7 p111
Ijctt v7 p111Ijctt v7 p111
Ijctt v7 p111
ssrgjournals
 
sigtran
sigtransigtran
sigtran
krsgowri
 
Duan
DuanDuan
Duan
samuelrajueda
 
network security
network securitynetwork security
network security
Srinivasa Rao
 
Chapter 2 point-to-point protocol (ppp)
Chapter 2 point-to-point protocol (ppp)Chapter 2 point-to-point protocol (ppp)
Chapter 2 point-to-point protocol (ppp)
Cliff Stephen Pike-Dimagiba
 
Enhanced Secure Routing Model for MANET
Enhanced Secure Routing Model for MANETEnhanced Secure Routing Model for MANET
Enhanced Secure Routing Model for MANET
cscpconf
 
Security in Manet Using Fl-Saodv
Security in Manet Using Fl-SaodvSecurity in Manet Using Fl-Saodv
Security in Manet Using Fl-Saodv
journal ijrtem
 
An Analytical Approach To Analyze The Impact Of Gray Hole Attacks In Manet
An Analytical Approach To Analyze The Impact Of Gray Hole Attacks In ManetAn Analytical Approach To Analyze The Impact Of Gray Hole Attacks In Manet
An Analytical Approach To Analyze The Impact Of Gray Hole Attacks In Manet
idescitation
 
Basicsofmulticastinganditsimplementationonethernetnetworks
Basicsofmulticastinganditsimplementationonethernetnetworks Basicsofmulticastinganditsimplementationonethernetnetworks
Basicsofmulticastinganditsimplementationonethernetnetworks
Sasank Chaitanya
 
Basics of multicasting and its implementation on ethernet networks
Basics of multicasting and its implementation on ethernet networksBasics of multicasting and its implementation on ethernet networks
Basics of multicasting and its implementation on ethernet networks
Reliance Comm
 
Ab26180184
Ab26180184Ab26180184
Ab26180184
IJERA Editor
 
AODV protocol and Black Hole attack
AODV protocol and Black Hole attackAODV protocol and Black Hole attack
AODV protocol and Black Hole attack
Raj Sikarwar
 
An Efficient Black Hole Attack Securing Mechanism in Ad Hoc On Demand Distanc...
An Efficient Black Hole Attack Securing Mechanism in Ad Hoc On Demand Distanc...An Efficient Black Hole Attack Securing Mechanism in Ad Hoc On Demand Distanc...
An Efficient Black Hole Attack Securing Mechanism in Ad Hoc On Demand Distanc...
MINTUKAN RABHA
 
IEEE 802.16j Multi-hop Relay
IEEE 802.16j Multi-hop RelayIEEE 802.16j Multi-hop Relay
IEEE 802.16j Multi-hop Relay
Yi-Hsueh Tsai
 
internetworking operation
internetworking operationinternetworking operation
internetworking operation
Srinivasa Rao
 
IRJET- Constructing Inter Domain Packet Filter for Controlling IP Spoofing
IRJET- Constructing Inter Domain Packet Filter for Controlling IP SpoofingIRJET- Constructing Inter Domain Packet Filter for Controlling IP Spoofing
IRJET- Constructing Inter Domain Packet Filter for Controlling IP Spoofing
IRJET Journal
 
Securing Routing Protocol BGP
Securing Routing Protocol BGPSecuring Routing Protocol BGP
Securing Routing Protocol BGP
IRJET Journal
 

More Related Content

What's hot

A survey on mitigation methods to black hole attack on aodv routing protocol
A survey on mitigation methods to black hole attack on aodv routing protocolA survey on mitigation methods to black hole attack on aodv routing protocol
A survey on mitigation methods to black hole attack on aodv routing protocol
Alexander Decker
 
COMPARATIVE STUDY OF IP TRACEBACK TECHNIQUES
COMPARATIVE STUDY OF IP TRACEBACK TECHNIQUESCOMPARATIVE STUDY OF IP TRACEBACK TECHNIQUES
COMPARATIVE STUDY OF IP TRACEBACK TECHNIQUES
Journal For Research
 
Performance analysis of aodv protocol on blackhole attack
Performance analysis of aodv protocol on blackhole attackPerformance analysis of aodv protocol on blackhole attack
Performance analysis of aodv protocol on blackhole attack
Mehedi
 
Grayhole
GrayholeGrayhole
Grayhole
Kumud Dixit
 
C0331215
C0331215C0331215
C0331215
iosrjournals
 
Ijctt v7 p111
Ijctt v7 p111Ijctt v7 p111
Ijctt v7 p111
ssrgjournals
 
sigtran
sigtransigtran
sigtran
krsgowri
 
Duan
DuanDuan
Duan
samuelrajueda
 
network security
network securitynetwork security
network security
Srinivasa Rao
 
Chapter 2 point-to-point protocol (ppp)
Chapter 2 point-to-point protocol (ppp)Chapter 2 point-to-point protocol (ppp)
Chapter 2 point-to-point protocol (ppp)
Cliff Stephen Pike-Dimagiba
 
Enhanced Secure Routing Model for MANET
Enhanced Secure Routing Model for MANETEnhanced Secure Routing Model for MANET
Enhanced Secure Routing Model for MANET
cscpconf
 
Security in Manet Using Fl-Saodv
Security in Manet Using Fl-SaodvSecurity in Manet Using Fl-Saodv
Security in Manet Using Fl-Saodv
journal ijrtem
 
An Analytical Approach To Analyze The Impact Of Gray Hole Attacks In Manet
An Analytical Approach To Analyze The Impact Of Gray Hole Attacks In ManetAn Analytical Approach To Analyze The Impact Of Gray Hole Attacks In Manet
An Analytical Approach To Analyze The Impact Of Gray Hole Attacks In Manet
idescitation
 
Basicsofmulticastinganditsimplementationonethernetnetworks
Basicsofmulticastinganditsimplementationonethernetnetworks Basicsofmulticastinganditsimplementationonethernetnetworks
Basicsofmulticastinganditsimplementationonethernetnetworks
Sasank Chaitanya
 
Basics of multicasting and its implementation on ethernet networks
Basics of multicasting and its implementation on ethernet networksBasics of multicasting and its implementation on ethernet networks
Basics of multicasting and its implementation on ethernet networks
Reliance Comm
 
Ab26180184
Ab26180184Ab26180184
Ab26180184
IJERA Editor
 
AODV protocol and Black Hole attack
AODV protocol and Black Hole attackAODV protocol and Black Hole attack
AODV protocol and Black Hole attack
Raj Sikarwar
 
An Efficient Black Hole Attack Securing Mechanism in Ad Hoc On Demand Distanc...
An Efficient Black Hole Attack Securing Mechanism in Ad Hoc On Demand Distanc...An Efficient Black Hole Attack Securing Mechanism in Ad Hoc On Demand Distanc...
An Efficient Black Hole Attack Securing Mechanism in Ad Hoc On Demand Distanc...
MINTUKAN RABHA
 
IEEE 802.16j Multi-hop Relay
IEEE 802.16j Multi-hop RelayIEEE 802.16j Multi-hop Relay
IEEE 802.16j Multi-hop Relay
Yi-Hsueh Tsai
 
internetworking operation
internetworking operationinternetworking operation
internetworking operation
Srinivasa Rao
 

What's hot (20)

A survey on mitigation methods to black hole attack on aodv routing protocol
A survey on mitigation methods to black hole attack on aodv routing protocolA survey on mitigation methods to black hole attack on aodv routing protocol
A survey on mitigation methods to black hole attack on aodv routing protocol
 
COMPARATIVE STUDY OF IP TRACEBACK TECHNIQUES
COMPARATIVE STUDY OF IP TRACEBACK TECHNIQUESCOMPARATIVE STUDY OF IP TRACEBACK TECHNIQUES
COMPARATIVE STUDY OF IP TRACEBACK TECHNIQUES
 
Performance analysis of aodv protocol on blackhole attack
Performance analysis of aodv protocol on blackhole attackPerformance analysis of aodv protocol on blackhole attack
Performance analysis of aodv protocol on blackhole attack
 
Grayhole
GrayholeGrayhole
Grayhole
 
C0331215
C0331215C0331215
C0331215
 
Ijctt v7 p111
Ijctt v7 p111Ijctt v7 p111
Ijctt v7 p111
 
sigtran
sigtransigtran
sigtran
 
Duan
DuanDuan
Duan
 
network security
network securitynetwork security
network security
 
Chapter 2 point-to-point protocol (ppp)
Chapter 2 point-to-point protocol (ppp)Chapter 2 point-to-point protocol (ppp)
Chapter 2 point-to-point protocol (ppp)
 
Enhanced Secure Routing Model for MANET
Enhanced Secure Routing Model for MANETEnhanced Secure Routing Model for MANET
Enhanced Secure Routing Model for MANET
 
Security in Manet Using Fl-Saodv
Security in Manet Using Fl-SaodvSecurity in Manet Using Fl-Saodv
Security in Manet Using Fl-Saodv
 
An Analytical Approach To Analyze The Impact Of Gray Hole Attacks In Manet
An Analytical Approach To Analyze The Impact Of Gray Hole Attacks In ManetAn Analytical Approach To Analyze The Impact Of Gray Hole Attacks In Manet
An Analytical Approach To Analyze The Impact Of Gray Hole Attacks In Manet
 
Basicsofmulticastinganditsimplementationonethernetnetworks
Basicsofmulticastinganditsimplementationonethernetnetworks Basicsofmulticastinganditsimplementationonethernetnetworks
Basicsofmulticastinganditsimplementationonethernetnetworks
 
Basics of multicasting and its implementation on ethernet networks
Basics of multicasting and its implementation on ethernet networksBasics of multicasting and its implementation on ethernet networks
Basics of multicasting and its implementation on ethernet networks
 
Ab26180184
Ab26180184Ab26180184
Ab26180184
 
AODV protocol and Black Hole attack
AODV protocol and Black Hole attackAODV protocol and Black Hole attack
AODV protocol and Black Hole attack
 
An Efficient Black Hole Attack Securing Mechanism in Ad Hoc On Demand Distanc...
An Efficient Black Hole Attack Securing Mechanism in Ad Hoc On Demand Distanc...An Efficient Black Hole Attack Securing Mechanism in Ad Hoc On Demand Distanc...
An Efficient Black Hole Attack Securing Mechanism in Ad Hoc On Demand Distanc...
 
IEEE 802.16j Multi-hop Relay
IEEE 802.16j Multi-hop RelayIEEE 802.16j Multi-hop Relay
IEEE 802.16j Multi-hop Relay
 
internetworking operation
internetworking operationinternetworking operation
internetworking operation
 

Similar to Detecting Malicious Dropping Attack in the Internet

IRJET- Constructing Inter Domain Packet Filter for Controlling IP Spoofing
IRJET- Constructing Inter Domain Packet Filter for Controlling IP SpoofingIRJET- Constructing Inter Domain Packet Filter for Controlling IP Spoofing
IRJET- Constructing Inter Domain Packet Filter for Controlling IP Spoofing
IRJET Journal
 
Securing Routing Protocol BGP
Securing Routing Protocol BGPSecuring Routing Protocol BGP
Securing Routing Protocol BGP
IRJET Journal
 
Routing security - Budapest 2011
Routing security - Budapest 2011Routing security - Budapest 2011
Routing security - Budapest 2011
Wardner Maia
 
Ac316d98ef501d3097d715b11f2fc7e75100
Ac316d98ef501d3097d715b11f2fc7e75100Ac316d98ef501d3097d715b11f2fc7e75100
Ac316d98ef501d3097d715b11f2fc7e75100
Nanaji Uppe
 
Analysis of GPSR and its Relevant Attacks in Wireless Sensor Networks
Analysis of GPSR and its Relevant Attacks in Wireless Sensor NetworksAnalysis of GPSR and its Relevant Attacks in Wireless Sensor Networks
Analysis of GPSR and its Relevant Attacks in Wireless Sensor Networks
IDES Editor
 
04. Keamanan_Layer_Routing_sahoobi.pdf
04. Keamanan_Layer_Routing_sahoobi.pdf04. Keamanan_Layer_Routing_sahoobi.pdf
04. Keamanan_Layer_Routing_sahoobi.pdf
ssuser3e2785
 
The Robust system for antivenin DDOS by Rioter Puddle Expertise
The Robust system for antivenin DDOS by Rioter Puddle ExpertiseThe Robust system for antivenin DDOS by Rioter Puddle Expertise
The Robust system for antivenin DDOS by Rioter Puddle Expertise
AM Publications
 
K010126674
K010126674K010126674
K010126674
IOSR Journals
 
A new approach to fight against the inter-domain BGP oscillations
A new approach to fight against the inter-domain BGP oscillationsA new approach to fight against the inter-domain BGP oscillations
A new approach to fight against the inter-domain BGP oscillations
IOSR Journals
 
ION Bangladesh - Secure BGP and Operational Report of Bangladesh
ION Bangladesh - Secure BGP and Operational Report of BangladeshION Bangladesh - Secure BGP and Operational Report of Bangladesh
ION Bangladesh - Secure BGP and Operational Report of Bangladesh
Deploy360 Programme (Internet Society)
 
Secure BGP and Operational Report of Bangladesh
Secure BGP and Operational Report of BangladeshSecure BGP and Operational Report of Bangladesh
Secure BGP and Operational Report of Bangladesh
Bangladesh Network Operators Group
 
Week14 lec2
Week14 lec2Week14 lec2
Week14 lec2
syedhaiderraza
 
Review on Grey- Hole Attack Detection and Prevention
Review on Grey- Hole Attack Detection and PreventionReview on Grey- Hole Attack Detection and Prevention
Review on Grey- Hole Attack Detection and Prevention
IJARIIT
 
A NOVEL APPROACH FOR SECURE ROUTING THROUGH BGP USING SYMMETRIC KEY
A NOVEL APPROACH FOR SECURE ROUTING THROUGH BGP USING SYMMETRIC KEYA NOVEL APPROACH FOR SECURE ROUTING THROUGH BGP USING SYMMETRIC KEY
A NOVEL APPROACH FOR SECURE ROUTING THROUGH BGP USING SYMMETRIC KEY
IJNSA Journal
 
A NOVEL APPROACH FOR SECURE ROUTING THROUGH BGP USING SYMMETRIC KEY
A NOVEL APPROACH FOR SECURE ROUTING THROUGH BGP USING SYMMETRIC KEYA NOVEL APPROACH FOR SECURE ROUTING THROUGH BGP USING SYMMETRIC KEY
A NOVEL APPROACH FOR SECURE ROUTING THROUGH BGP USING SYMMETRIC KEY
IJNSA Journal
 
SECURITY ISSUES IN THE OPTIMIZED LINK STATE ROUTING PROTOCOL VERSION 2 (OLSRV2)
SECURITY ISSUES IN THE OPTIMIZED LINK STATE ROUTING PROTOCOL VERSION 2 (OLSRV2)SECURITY ISSUES IN THE OPTIMIZED LINK STATE ROUTING PROTOCOL VERSION 2 (OLSRV2)
SECURITY ISSUES IN THE OPTIMIZED LINK STATE ROUTING PROTOCOL VERSION 2 (OLSRV2)
IJNSA Journal
 
IRJET- Detection of Black Hole Attacks in AODV Routing Protocol in MANET
IRJET- Detection of Black Hole Attacks in AODV Routing Protocol in MANETIRJET- Detection of Black Hole Attacks in AODV Routing Protocol in MANET
IRJET- Detection of Black Hole Attacks in AODV Routing Protocol in MANET
IRJET Journal
 
Vulnerability Exploitation in the Open Shortest Path First Protocol
Vulnerability Exploitation in the Open Shortest Path First ProtocolVulnerability Exploitation in the Open Shortest Path First Protocol
Vulnerability Exploitation in the Open Shortest Path First Protocol
IRJET Journal
 
Arun project-Final
Arun project-FinalArun project-Final
Arun project-Final
Arun CCNA,CCNAvoice,CCNP Voice,MCITPCertified
 
IRJET- Detecting and Preventing Black Hole Attack in Manet using RSA Algo...
IRJET- Detecting and Preventing Black Hole Attack in Manet using RSA Algo...IRJET- Detecting and Preventing Black Hole Attack in Manet using RSA Algo...
IRJET- Detecting and Preventing Black Hole Attack in Manet using RSA Algo...
IRJET Journal
 

Similar to Detecting Malicious Dropping Attack in the Internet (20)

IRJET- Constructing Inter Domain Packet Filter for Controlling IP Spoofing
IRJET- Constructing Inter Domain Packet Filter for Controlling IP SpoofingIRJET- Constructing Inter Domain Packet Filter for Controlling IP Spoofing
IRJET- Constructing Inter Domain Packet Filter for Controlling IP Spoofing
 
Securing Routing Protocol BGP
Securing Routing Protocol BGPSecuring Routing Protocol BGP
Securing Routing Protocol BGP
 
Routing security - Budapest 2011
Routing security - Budapest 2011Routing security - Budapest 2011
Routing security - Budapest 2011
 
Ac316d98ef501d3097d715b11f2fc7e75100
Ac316d98ef501d3097d715b11f2fc7e75100Ac316d98ef501d3097d715b11f2fc7e75100
Ac316d98ef501d3097d715b11f2fc7e75100
 
Analysis of GPSR and its Relevant Attacks in Wireless Sensor Networks
Analysis of GPSR and its Relevant Attacks in Wireless Sensor NetworksAnalysis of GPSR and its Relevant Attacks in Wireless Sensor Networks
Analysis of GPSR and its Relevant Attacks in Wireless Sensor Networks
 
04. Keamanan_Layer_Routing_sahoobi.pdf
04. Keamanan_Layer_Routing_sahoobi.pdf04. Keamanan_Layer_Routing_sahoobi.pdf
04. Keamanan_Layer_Routing_sahoobi.pdf
 
The Robust system for antivenin DDOS by Rioter Puddle Expertise
The Robust system for antivenin DDOS by Rioter Puddle ExpertiseThe Robust system for antivenin DDOS by Rioter Puddle Expertise
The Robust system for antivenin DDOS by Rioter Puddle Expertise
 
K010126674
K010126674K010126674
K010126674
 
A new approach to fight against the inter-domain BGP oscillations
A new approach to fight against the inter-domain BGP oscillationsA new approach to fight against the inter-domain BGP oscillations
A new approach to fight against the inter-domain BGP oscillations
 
ION Bangladesh - Secure BGP and Operational Report of Bangladesh
ION Bangladesh - Secure BGP and Operational Report of BangladeshION Bangladesh - Secure BGP and Operational Report of Bangladesh
ION Bangladesh - Secure BGP and Operational Report of Bangladesh
 
Secure BGP and Operational Report of Bangladesh
Secure BGP and Operational Report of BangladeshSecure BGP and Operational Report of Bangladesh
Secure BGP and Operational Report of Bangladesh
 
Week14 lec2
Week14 lec2Week14 lec2
Week14 lec2
 
Review on Grey- Hole Attack Detection and Prevention
Review on Grey- Hole Attack Detection and PreventionReview on Grey- Hole Attack Detection and Prevention
Review on Grey- Hole Attack Detection and Prevention
 
A NOVEL APPROACH FOR SECURE ROUTING THROUGH BGP USING SYMMETRIC KEY
A NOVEL APPROACH FOR SECURE ROUTING THROUGH BGP USING SYMMETRIC KEYA NOVEL APPROACH FOR SECURE ROUTING THROUGH BGP USING SYMMETRIC KEY
A NOVEL APPROACH FOR SECURE ROUTING THROUGH BGP USING SYMMETRIC KEY
 
A NOVEL APPROACH FOR SECURE ROUTING THROUGH BGP USING SYMMETRIC KEY
A NOVEL APPROACH FOR SECURE ROUTING THROUGH BGP USING SYMMETRIC KEYA NOVEL APPROACH FOR SECURE ROUTING THROUGH BGP USING SYMMETRIC KEY
A NOVEL APPROACH FOR SECURE ROUTING THROUGH BGP USING SYMMETRIC KEY
 
SECURITY ISSUES IN THE OPTIMIZED LINK STATE ROUTING PROTOCOL VERSION 2 (OLSRV2)
SECURITY ISSUES IN THE OPTIMIZED LINK STATE ROUTING PROTOCOL VERSION 2 (OLSRV2)SECURITY ISSUES IN THE OPTIMIZED LINK STATE ROUTING PROTOCOL VERSION 2 (OLSRV2)
SECURITY ISSUES IN THE OPTIMIZED LINK STATE ROUTING PROTOCOL VERSION 2 (OLSRV2)
 
IRJET- Detection of Black Hole Attacks in AODV Routing Protocol in MANET
IRJET- Detection of Black Hole Attacks in AODV Routing Protocol in MANETIRJET- Detection of Black Hole Attacks in AODV Routing Protocol in MANET
IRJET- Detection of Black Hole Attacks in AODV Routing Protocol in MANET
 
Vulnerability Exploitation in the Open Shortest Path First Protocol
Vulnerability Exploitation in the Open Shortest Path First ProtocolVulnerability Exploitation in the Open Shortest Path First Protocol
Vulnerability Exploitation in the Open Shortest Path First Protocol
 
Arun project-Final
Arun project-FinalArun project-Final
Arun project-Final
 
IRJET- Detecting and Preventing Black Hole Attack in Manet using RSA Algo...
IRJET- Detecting and Preventing Black Hole Attack in Manet using RSA Algo...IRJET- Detecting and Preventing Black Hole Attack in Manet using RSA Algo...
IRJET- Detecting and Preventing Black Hole Attack in Manet using RSA Algo...
 

More from IDES Editor

Power System State Estimation - A Review
Power System State Estimation - A ReviewPower System State Estimation - A Review
Power System State Estimation - A Review
IDES Editor
 
Artificial Intelligence Technique based Reactive Power Planning Incorporating...
Artificial Intelligence Technique based Reactive Power Planning Incorporating...Artificial Intelligence Technique based Reactive Power Planning Incorporating...
Artificial Intelligence Technique based Reactive Power Planning Incorporating...
IDES Editor
 
Design and Performance Analysis of Genetic based PID-PSS with SVC in a Multi-...
Design and Performance Analysis of Genetic based PID-PSS with SVC in a Multi-...Design and Performance Analysis of Genetic based PID-PSS with SVC in a Multi-...
Design and Performance Analysis of Genetic based PID-PSS with SVC in a Multi-...
IDES Editor
 
Optimal Placement of DG for Loss Reduction and Voltage Sag Mitigation in Radi...
Optimal Placement of DG for Loss Reduction and Voltage Sag Mitigation in Radi...Optimal Placement of DG for Loss Reduction and Voltage Sag Mitigation in Radi...
Optimal Placement of DG for Loss Reduction and Voltage Sag Mitigation in Radi...
IDES Editor
 
Line Losses in the 14-Bus Power System Network using UPFC
Line Losses in the 14-Bus Power System Network using UPFCLine Losses in the 14-Bus Power System Network using UPFC
Line Losses in the 14-Bus Power System Network using UPFC
IDES Editor
 
Study of Structural Behaviour of Gravity Dam with Various Features of Gallery...
Study of Structural Behaviour of Gravity Dam with Various Features of Gallery...Study of Structural Behaviour of Gravity Dam with Various Features of Gallery...
Study of Structural Behaviour of Gravity Dam with Various Features of Gallery...
IDES Editor
 
Assessing Uncertainty of Pushover Analysis to Geometric Modeling
Assessing Uncertainty of Pushover Analysis to Geometric ModelingAssessing Uncertainty of Pushover Analysis to Geometric Modeling
Assessing Uncertainty of Pushover Analysis to Geometric Modeling
IDES Editor
 
Secure Multi-Party Negotiation: An Analysis for Electronic Payments in Mobile...
Secure Multi-Party Negotiation: An Analysis for Electronic Payments in Mobile...Secure Multi-Party Negotiation: An Analysis for Electronic Payments in Mobile...
Secure Multi-Party Negotiation: An Analysis for Electronic Payments in Mobile...
IDES Editor
 
Selfish Node Isolation & Incentivation using Progressive Thresholds
Selfish Node Isolation & Incentivation using Progressive ThresholdsSelfish Node Isolation & Incentivation using Progressive Thresholds
Selfish Node Isolation & Incentivation using Progressive Thresholds
IDES Editor
 
Various OSI Layer Attacks and Countermeasure to Enhance the Performance of WS...
Various OSI Layer Attacks and Countermeasure to Enhance the Performance of WS...Various OSI Layer Attacks and Countermeasure to Enhance the Performance of WS...
Various OSI Layer Attacks and Countermeasure to Enhance the Performance of WS...
IDES Editor
 
Responsive Parameter based an AntiWorm Approach to Prevent Wormhole Attack in...
Responsive Parameter based an AntiWorm Approach to Prevent Wormhole Attack in...Responsive Parameter based an AntiWorm Approach to Prevent Wormhole Attack in...
Responsive Parameter based an AntiWorm Approach to Prevent Wormhole Attack in...
IDES Editor
 
Cloud Security and Data Integrity with Client Accountability Framework
Cloud Security and Data Integrity with Client Accountability FrameworkCloud Security and Data Integrity with Client Accountability Framework
Cloud Security and Data Integrity with Client Accountability Framework
IDES Editor
 
Genetic Algorithm based Layered Detection and Defense of HTTP Botnet
Genetic Algorithm based Layered Detection and Defense of HTTP BotnetGenetic Algorithm based Layered Detection and Defense of HTTP Botnet
Genetic Algorithm based Layered Detection and Defense of HTTP Botnet
IDES Editor
 
Enhancing Data Storage Security in Cloud Computing Through Steganography
Enhancing Data Storage Security in Cloud Computing Through SteganographyEnhancing Data Storage Security in Cloud Computing Through Steganography
Enhancing Data Storage Security in Cloud Computing Through Steganography
IDES Editor
 
Low Energy Routing for WSN’s
Low Energy Routing for WSN’sLow Energy Routing for WSN’s
Low Energy Routing for WSN’s
IDES Editor
 
Permutation of Pixels within the Shares of Visual Cryptography using KBRP for...
Permutation of Pixels within the Shares of Visual Cryptography using KBRP for...Permutation of Pixels within the Shares of Visual Cryptography using KBRP for...
Permutation of Pixels within the Shares of Visual Cryptography using KBRP for...
IDES Editor
 
Rotman Lens Performance Analysis
Rotman Lens Performance AnalysisRotman Lens Performance Analysis
Rotman Lens Performance Analysis
IDES Editor
 
Band Clustering for the Lossless Compression of AVIRIS Hyperspectral Images
Band Clustering for the Lossless Compression of AVIRIS Hyperspectral ImagesBand Clustering for the Lossless Compression of AVIRIS Hyperspectral Images
Band Clustering for the Lossless Compression of AVIRIS Hyperspectral Images
IDES Editor
 
Microelectronic Circuit Analogous to Hydrogen Bonding Network in Active Site ...
Microelectronic Circuit Analogous to Hydrogen Bonding Network in Active Site ...Microelectronic Circuit Analogous to Hydrogen Bonding Network in Active Site ...
Microelectronic Circuit Analogous to Hydrogen Bonding Network in Active Site ...
IDES Editor
 
Texture Unit based Monocular Real-world Scene Classification using SOM and KN...
Texture Unit based Monocular Real-world Scene Classification using SOM and KN...Texture Unit based Monocular Real-world Scene Classification using SOM and KN...
Texture Unit based Monocular Real-world Scene Classification using SOM and KN...
IDES Editor
 

More from IDES Editor (20)

Power System State Estimation - A Review
Power System State Estimation - A ReviewPower System State Estimation - A Review
Power System State Estimation - A Review
 
Artificial Intelligence Technique based Reactive Power Planning Incorporating...
Artificial Intelligence Technique based Reactive Power Planning Incorporating...Artificial Intelligence Technique based Reactive Power Planning Incorporating...
Artificial Intelligence Technique based Reactive Power Planning Incorporating...
 
Design and Performance Analysis of Genetic based PID-PSS with SVC in a Multi-...
Design and Performance Analysis of Genetic based PID-PSS with SVC in a Multi-...Design and Performance Analysis of Genetic based PID-PSS with SVC in a Multi-...
Design and Performance Analysis of Genetic based PID-PSS with SVC in a Multi-...
 
Optimal Placement of DG for Loss Reduction and Voltage Sag Mitigation in Radi...
Optimal Placement of DG for Loss Reduction and Voltage Sag Mitigation in Radi...Optimal Placement of DG for Loss Reduction and Voltage Sag Mitigation in Radi...
Optimal Placement of DG for Loss Reduction and Voltage Sag Mitigation in Radi...
 
Line Losses in the 14-Bus Power System Network using UPFC
Line Losses in the 14-Bus Power System Network using UPFCLine Losses in the 14-Bus Power System Network using UPFC
Line Losses in the 14-Bus Power System Network using UPFC
 
Study of Structural Behaviour of Gravity Dam with Various Features of Gallery...
Study of Structural Behaviour of Gravity Dam with Various Features of Gallery...Study of Structural Behaviour of Gravity Dam with Various Features of Gallery...
Study of Structural Behaviour of Gravity Dam with Various Features of Gallery...
 
Assessing Uncertainty of Pushover Analysis to Geometric Modeling
Assessing Uncertainty of Pushover Analysis to Geometric ModelingAssessing Uncertainty of Pushover Analysis to Geometric Modeling
Assessing Uncertainty of Pushover Analysis to Geometric Modeling
 
Secure Multi-Party Negotiation: An Analysis for Electronic Payments in Mobile...
Secure Multi-Party Negotiation: An Analysis for Electronic Payments in Mobile...Secure Multi-Party Negotiation: An Analysis for Electronic Payments in Mobile...
Secure Multi-Party Negotiation: An Analysis for Electronic Payments in Mobile...
 
Selfish Node Isolation & Incentivation using Progressive Thresholds
Selfish Node Isolation & Incentivation using Progressive ThresholdsSelfish Node Isolation & Incentivation using Progressive Thresholds
Selfish Node Isolation & Incentivation using Progressive Thresholds
 
Various OSI Layer Attacks and Countermeasure to Enhance the Performance of WS...
Various OSI Layer Attacks and Countermeasure to Enhance the Performance of WS...Various OSI Layer Attacks and Countermeasure to Enhance the Performance of WS...
Various OSI Layer Attacks and Countermeasure to Enhance the Performance of WS...
 
Responsive Parameter based an AntiWorm Approach to Prevent Wormhole Attack in...
Responsive Parameter based an AntiWorm Approach to Prevent Wormhole Attack in...Responsive Parameter based an AntiWorm Approach to Prevent Wormhole Attack in...
Responsive Parameter based an AntiWorm Approach to Prevent Wormhole Attack in...
 
Cloud Security and Data Integrity with Client Accountability Framework
Cloud Security and Data Integrity with Client Accountability FrameworkCloud Security and Data Integrity with Client Accountability Framework
Cloud Security and Data Integrity with Client Accountability Framework
 
Genetic Algorithm based Layered Detection and Defense of HTTP Botnet
Genetic Algorithm based Layered Detection and Defense of HTTP BotnetGenetic Algorithm based Layered Detection and Defense of HTTP Botnet
Genetic Algorithm based Layered Detection and Defense of HTTP Botnet
 
Enhancing Data Storage Security in Cloud Computing Through Steganography
Enhancing Data Storage Security in Cloud Computing Through SteganographyEnhancing Data Storage Security in Cloud Computing Through Steganography
Enhancing Data Storage Security in Cloud Computing Through Steganography
 
Low Energy Routing for WSN’s
Low Energy Routing for WSN’sLow Energy Routing for WSN’s
Low Energy Routing for WSN’s
 
Permutation of Pixels within the Shares of Visual Cryptography using KBRP for...
Permutation of Pixels within the Shares of Visual Cryptography using KBRP for...Permutation of Pixels within the Shares of Visual Cryptography using KBRP for...
Permutation of Pixels within the Shares of Visual Cryptography using KBRP for...
 
Rotman Lens Performance Analysis
Rotman Lens Performance AnalysisRotman Lens Performance Analysis
Rotman Lens Performance Analysis
 
Band Clustering for the Lossless Compression of AVIRIS Hyperspectral Images
Band Clustering for the Lossless Compression of AVIRIS Hyperspectral ImagesBand Clustering for the Lossless Compression of AVIRIS Hyperspectral Images
Band Clustering for the Lossless Compression of AVIRIS Hyperspectral Images
 
Microelectronic Circuit Analogous to Hydrogen Bonding Network in Active Site ...
Microelectronic Circuit Analogous to Hydrogen Bonding Network in Active Site ...Microelectronic Circuit Analogous to Hydrogen Bonding Network in Active Site ...
Microelectronic Circuit Analogous to Hydrogen Bonding Network in Active Site ...
 
Texture Unit based Monocular Real-world Scene Classification using SOM and KN...
Texture Unit based Monocular Real-world Scene Classification using SOM and KN...Texture Unit based Monocular Real-world Scene Classification using SOM and KN...
Texture Unit based Monocular Real-world Scene Classification using SOM and KN...
 

Recently uploaded

Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and StandardsLeveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
Neo4j
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
Ivo Velitchkov
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
Jakub Marek
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
Antonios Katsarakis
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Brandon Minnick, MBA
 
Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
Pablo Gómez Abajo
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
Jason Packer
 
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
Edge AI and Vision Alliance
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
Chart Kalyan
 
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid ResearchHarnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Neo4j
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
saastr
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
Tatiana Kojar
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
Hiroshi SHIBATA
 
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
Miro Wengner
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and BioinformaticiansBiomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Neo4j
 
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframeDigital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Precisely
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Alpen-Adria-Universität
 

Recently uploaded (20)

Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and StandardsLeveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 
Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
 
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
 
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid ResearchHarnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
 
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
Artificial Intelligence and Electronic Warfare
Artificial Intelligence and Electronic WarfareArtificial Intelligence and Electronic Warfare
Artificial Intelligence and Electronic Warfare
 
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and BioinformaticiansBiomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
 
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframeDigital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
 

Detecting Malicious Dropping Attack in the Internet

  • 1. ACEEE Int. J. on Network Security, Vol. 02, No. 01, Jan 2011 Detecting Malicious Dropping Attack in the Internet Lata L. Ragha1, B. B. Bhaumik2, and S. K. Mukhopadhyay3 1 Ramrao Adik Institute of Technology, Department of Computer Engineering, Nerul, Navi Mumbai, India Email: lata.ragha@gmail.com 2 Jadavpur University, Department of Computer Science and Engineering, Kolkata, India Email: bbbhaumik@yahoo.com 3 CA-30, Salt Lake, Sector-1, Kolkata-700064, India Email: mukho_s@hotmail.com Abstract— The current interdomain routing protocol, Border mechanisms, cannot protect routing protocols against some Gateway Protocol, is limited in implementations of universal kind of attacks. In [7], the authors describe one such attack, security. Because of this, it is vulnerable to many attacks at namely the malicious or selective dropping attack, which the AS to AS routing infrastructure. Initially, the major can cause data traffic blackhole and persistent traffic loop. concern about BGP security is that malicious BGP routers However, the authors do not present any technique to can arbitrarily falsify BGP routing messages and spread incorrect routing information. Recently, some authors have detect such attacks. pointed out the impact of a type of attack, namely selective In this paper, we describe a scheme, presented in [8], dropping or malicious dropping attack that has not studied used for detecting Instability in BGP and by using the same before. The malicious draping attack can result in data traffic technique we proposed a method for detecting malicious being blackholed or trapped in a loop. However, the authors dropping attacks in the Internet. This scheme is based on did not elaborate on how one can detect such attacks. In this adaptive segmentation of feature traces extracted from paper, we discuss and analyse a method that can be used to BGP update messages and exploiting the temporal and detect malicious dropping attacks in the Internet. spatial correlations in the traces for robust detection of the instability events. The route change information is used to Index Terms— Internet Routing Security, Selective or pinpoint the culprit ASes where the instabilities have malicious Dropping Attacks, BGP, Instability Analysis, Malicious Routers. originated. When this scheme cannot identify the instability source, it will probe its neighboring routers to see if they can identify the source of instability. Once the source of I. INTRODUCTION instability is identified, the stable route database will check Border Gateway Protocol (BGP) is the de facto to see if a malicious dropping attack is embedded within interdomain routing protocol [1]. Current Internet consists this burst of BGP UPDATES. If an attack is suspected, of many Autonomous Systems (ASes) connected by then a warning message will be flooded (with limited interdomain (inter-AS) links. Each AS is a set of routers scope) across the BGP routers in the Internet. that have the same routing policy within a single administrative domain. BGP is responsible for discovery II. MALICIOUS DROPPING ATTACK and maintenance of paths between ASes in the Internet. BGP routers exchange routing information via two types of BGP is a policy routing, path vector protocol. UPDATE messages: namely route withdrawal and route According to the inbound and outbound policies, BGP announcement. When a BGP router receives an UPDATE router may legitimately suppress some UPDATES. The from its neighboring BGP router, this message will be authors in [7] define two consistency properties for correct processed, stored, and redistributed in accordance with both BGP operation. In this model the notations: peer(u) BGP specification and the routing policies of the local AS. denotes the set of peers for node (AS) u, rib-in (u<=w) Previously, the major concern about BGP security is the denote node u’s most recently received message from peer authenticity and integrity of BGP UPDATES, especially w, rib(u) denotes the best path that u adopts and stores route origin information and AS path information stored in in the local-RIB, rib-out(u=>w) denotes the route that u the AS_PATH attribute. Incorrect UPDATES, due to either advertises to w. BGP router misconfiguration or malicious attack, may The properties defined by the authors in [7] are cause serious problems to the global Internet. Some duplicated below: countermeasures have been proposed to mitigate BGP 1. a) If rib(u) there must v peers(u) vulnerabilities. To protect BGP session from spoofed BGP [rib-in(u<=v)=rib(u)]. UPDATES sent by outsiders, TCP MD5 signature [2] using b) If rib(u) = , rib-in(u<=v) can be arbitrary. shared secret key between two BGP routers was proposed. a) For any w peers(u), if rib- S-BGP[3] and SoBGP[4] apply cryptography to prevent an out(u=>w) then rib-out(u=>w) = u attacker (either insider or outsider) from advertising faulty o rib(u). BGP messages or tampering normal messages. However, as b) It is possible that when rib(u) , there noted in [5], [6], [7], cryptography-based security exists 27 © 2011 ACEEE DOI: 01.IJNS.02.01.141
  • 2. ACEEE Int. J. on Network Security, Vol. 02, No. 01, Jan 2011 rib-out(u=>w) = where w peers(u). preference value to the route learned from R1 than the The two properties listed above are legitimate properties route learned from R3 so that R2 uses (AS1, AS4, AS5) as that allow a BGP router at node u to drop BGP UPDATES. the best AS path. Initially, in the stable state, every router Property 1(a) implies node u can select a route from one chooses the correct next hop for the destination network. peer but drop the routes it received from the others. Same as the first example, we cut the link between R3 Property 1(b) indicates that node u does not have to use the and R5. Consequently, R3 sends route withdrawal to R1 route announced by node v to reach a particular destination and R2. R1 maliciously drops this incoming message and even though node u has no route. Property 2(a) guarantees still uses the route (AS3, AS5). When R2 receives the that no policy allows node u to use one route but announce withdrawal message, R2 uses the route (AS1, AS4, AS5) the other route to its peers. Property 2(b) indicates a policy and sends this route back to R3. Finally, R3 uses the route to authorize node u not to transit the traffic for node v even (AS2, AS1, AS4, AS5). From the routing policies, we can though node u can reach a particular destination. see that the loop has been formed. For the route to AS5, R3 Any BGP dropping that is not consistent to these two sets R2 as next hop, R2 sets R1 as next hop, R1 sets R3 as properties will be classified as malicious dropping. The next hop. and this can result in traffic blackhole and persistent traffic loop. III. SECURITY SOLUTIONS A. Blackhole The solution space for securing the global routing In the example network shown in Figure 1, we assume system can be broadly divided into three areas: prevention, that each node represents an AS, there is a BGP router mitigation, and detect-and-react. associated with each AS. A. Prevention The proposed secure BGP solutions in this category are based on cryptographic authentications [3], [9], [10], [11]. Unfortunately these solutions share some obstacles and effectively blocked the road towards actual deployment. The absence of a global PKI infrastructure in today’s Internet, The high computational overhead of verifying BGP Figure 1. Example network to show blackhole and rooting loop update signatures, The requirement of changing implementations of all The target network is owned by AS5. We study the routers to achieve effective protection. routes to this network in five BGP routers. In the initial stable state, R1 uses (AS3, AS5) as the best AS path to B. Mitigation reach the target network. R1 uses R3 as the next hop. When Even though many authors proposed different we cut the link between R3 and R5, under normal approaches to mitigate the attacks [12], [13], [14] through circumstances, R1 will remove (AS3, AS5) from the BGP observing each router for the origin ASes and AS paths of routing table and select (AS4, AS5) the best path. This path the routes over time, and defer the adaption to any sudden will be announced to AS2, which will use the path (AS1, route changes till the changes can be verified through other AS4, AS5). In the forwarding table, for the entry of the means, these approaches does not scale as a general particular network of AS5, R1 sets R4 as the next hop, R2 solutions for all prefixes. and R3 set R1 as the next hop. However, if R3 is malicious, it can hijack the normal traffic to the target network by C. Detect-and-React malicious dropping attack. In this example, we let R3 hold Over the years a number of detection-based security the withdrawal messages to R1 and only send a withdrawal solutions have been developed [13], [15], [16] and even message to R2. Consequently, although R1 receives the deployed. All the techniques usually have two basic route withdrawal from R2, it will still use R3 as next hop to components: a monitoring infrastructure that collects BGP deliver traffic to the network of AS5. Therefore, all the routing update information, and a user profile that provides traffic from AS1 will be blackholed by R3. the ground truth of the network being observed. One fundamental advantage of detection-based mechanisms is B. Routing Loop the ease of deployment and they do not require any change The same example network is used to explain about the in the operational system. Any of the proposed solutions of persistent routing loop. The target network is still instability detection in the Internet can be used to detect considered in AS5. The major difference from the first malicious dropping attacks. example network is that R3 is a normal node whereas R1 is malicious. R1 selectively drops outgoing route IV. INSTABILITY DETECTION announcements to R2 in the beginning. In the example, R1 sets (AS3, AS5) as the best path, yet drops the route update A methodology for identifying the source of instability to R2. It announces (AS1, AS4, AS5) to R2 instead of is described in literature [8]. The scheme is based on announcing the current route stored in the Loc-RIB. R3 adaptive segmentation of feature traces extracted from announces (AS3, AS5) to R2. R2 sets a larger local BGP update messages and exploiting the temporal and spatial correlations in the traces for robust detection of the 28 © 2011 ACEEE DOI: 01.IJNS.02.01.141
  • 3. ACEEE Int. J. on Network Security, Vol. 02, No. 01, Jan 2011 instability events. Then the route change information is AS Path Length used to pinpoint the culprit ASes where the instabilities Routing instabilities cause established paths to become have originated. unavailable or may result in certain destinations being unreachable. As a result, instabilities are characterized by A System Architecture route withdrawals and the BGP path exploration process to This section presents a description of the architecture of find an alternative route to the same destination. the system and its components and their functions [8]. This Under such circumstances, it has been observed that the system can be broadly described as a two part scheme: the occurrence of many routes with abnormally long AS path first part detects the BGP instability events while the lengths. This is because in the absence of stable paths of second pinpoints the source of the instability. shorter lengths, BGP routers try to use longer alternative Feature Extractor: It performs the basic function of paths. Authors used the length of the AS paths received parsing the needed features from the BGP update messages from a peer as one of features and define it as: received by a router from its peers. It separates the update messages received from different peers into different ASPL = { Xij = (x0, x1, …); i = 1,…, Ml ; j = 1,…, NP } datasets and then performs the necessary parsing on these datasets to obtain the feature traces. The features are Where, Xij is a time series of the number of messages extracted on data collected every 5 minutes in order to limit with AS path length = i, received over every 5 minute the rate at which data needs to be processed. interval from peer number j, Ml is the maximum observed AS path length value and NP is the number of peers of the local BGP router. AS Path Edit Distance During instability, not only are a large number of long AS paths exchanged but also a large number of “rare” AS paths are advertised. We quantify the latter effect by treating AS paths received in consecutive messages as strings and obtaining edit distances between them as a measure of their dissimilarity. The AS path edit distance feature set is defined as: ASPED ={ Xij = (x0, x1, …); i = 1,…, Med ; j = 1,…, NP } Where, Xij is a time series of the number of messages Figure 2. Architecture of the detection and root cause location scheme with AS path edit distance i, received over every 5minute Change Detector: The important function of tracking interval from peer number j and Med is the maximum the behavior of the feature time series and detecting when a observed AS path edit distance value. substantial change occurs in them is performed here. The Message Volume change detection is performed for every feature trace Interdomain routing instabilities also exhibit a sharp and extracted from each peer separately, in parallel. sustained increase in the number of announcement and Alarm Correlator: It is used to make the detection withdrawal messages exchanged by the BGP routers [8]. robust against feature volatility. It implements the The volume of announcement and withdrawal messages as algorithm to establish whether the alarms obtained from the possible features that can be used to detect instabilities is different feature traces for the same peer are correlated. considered. These features are defined as The correlation is checked across different combinations of features using a decision tree based mechanism. AVi = { Xi = [ x(0), x(1),…] }, ∀i = 1,2,..,NP Alarm Classifier: It helps in identifying the location of WVi = { Yi =[ y(0), y(1),…] }, ∀i = 1,2,..,NP occurrence of the root cause event that caused the instabilities. It uses the AS-path data for this purpose. Where Xi and Yi are the time series of the number of announcements and withdrawals received in each interval B Feature Selection from peer number i, respectively. When a route or node failure occurs, each BGP router C Detection of Instabilities initiates a path exploration process for the failed routes. The path exploration process involves the exchange of This section describes the detection mechanism used in route withdrawal and announcement messages between [8]. The detection scheme is based on adaptive sequential BGP routers. These update messages show certain segmentation. The core of the segmentation is change characteristics that are specific to periods of instability and detection using a Generalized Likelihood Ratio (GLR) form the features used by our instability detection based hypothesis test. The segment boundary detection mechanism. From the BGP update messages received by a mechanism uses the GLR test to detect change points. This router, authors identify and extract features that are used to step is followed by a process to optimize the segment differentiate between BGP’s behavior during normal and boundary position (figure 3. anomalous periods 29 © 2011 ACEEE DOI: 01.IJNS.02.01.141
  • 4. ACEEE Int. J. on Network Security, Vol. 02, No. 01, Jan 2011 routing table. If this troubled link is used in any best-path route, then the detection module returns a true (indicating that there is a possible malicious dropping attack). Otherwise, the detection module returns a false (no indication of malicious dropping attack). The pseudo code of the malicious dropping attack detection module is explained below in Figure 4. Detect_Dropping(u,t)//u is a cluster of updates at time period t { // this is used to monitor AS to report instability and dropper instability=Locate(u); // running locating algorithm try to // find instability if (instability == NULL) // if not found {instability=Ask_Neighbor(n, t); //ask peer upto n hops if (instability == NULL) { error(“can’t find instability!”); return; } } report instability, t; // if instability found dropper=Check_RT(instability, current_node); if (dropper != NULL) { report dropper, t; return; } return; } Figure 3. Algorithm for change detection and boundary position optimization [8] Figure 4: Malicious dropping attack detection procedure The change detection and boundary position optimization processes of Algorithm shown in figure 3 are We illustrate our proposed attack detection method applied to each feature trace and the change points detected using an example based on the network topology shown in are termed per-feature-trace alarms. The temporal Figure 5. We assume that each node represents an AS, correlations between the per-feature-trace alarms are used there is a BGP router associated with each AS and there is to reduce false alarms and make the detection process more a BGP peer session between the BGP routers if there is a robust against volatility of feature traces. The clustering of link exists between two nodes. the per-feature-trace alarms is done by using the time difference between them as a distance measure. Then a majority voting rule that requires the largest cluster to have alarms from more than half the number of feature traces is used to generate the final alarm. D Detection of Root cause location In order to locate the root-cause-AS, we need to find the first-changed-AS. The method that used here to find the first-changed-AS is an extension of the AS path edit distance feature extraction process. E Detection of Malicious dropping attacks The detection mechanism can be used to test and detect various types of instability events like: worm attack, Figure 5. Example of network topology equipment failure and BGP misconfiguration and hijack events. In case of hijacking if the downstream ASes did not Assume that link 5-6 is broken and this results in a burst have correct filters in plane, can cause a major instability of BGP update messages. If there is no malicious/selective and it is difficult to locate unique source of instability. dropping attack, and the proposed method is implemented We use the same methodology described in [8] to in any one of the routers, the source of instability can be extract BGP updates and locate the source of instability. easily located and the alarm message will be issued to all The difference is when the locating instability procedure the routers. However, if the link 5-6 is broken and at the fails to locate a unique source of instability; we allow that same time, the router in AS6 launches a malicious dropping observation point to probe its neighbors to see if they can attack towards AS11, then ASes 11, 18, 19, 20 cannot identify the source of instability. Based on these additional locate the source of the instability. AS11 can verify the information provided by its neighbors, an observation point source of instability after it has asked its neighboring may then be able to identify the source of instability. Next, routers i.e. AS10 and AS12 for information on the source this observation point will check its current routing table to of instability that they have identified for the same burst. see if the troubled inter-AS link is used in any current Upon receiving the information from AS10 and AS12, 30 © 2011 ACEEE DOI: 01.IJNS.02.01.141
  • 5. ACEEE Int. J. on Network Security, Vol. 02, No. 01, Jan 2011 AS11 was able to check its routing table and discover a message, the damaged cost can be reduced to zero. We discrepancy about the status of the inter-AS link 5-6. Thus, intend to implement and analyze this proposed method by AS11 was able to detect a potential malicious/selective using NS-BGP simulator. dropping attack. AS11 can then issue a warning message which is propagated with limited scope across the network. REFERENCES The warning message contains information about the [1] Y. Rekhter and T. Li, “Border Gateway Protocol 4”, RFC identifier of the malicious router and any suspected broken 1771, SRI Network Information Center, July, 1995. links that are not reported. Such warning messages are authenticated so that attackers will not issue forged [2] A. Heffernan, “Protection of BGP sessions via the TCP MD5 signature option”, RFC 2385, SRI Network Information warning messages to confuse neighbors. BGP router Center, August, 1998 identity authentication approach proposed in S-BGP[4] can be used for authenticating warning messages. [3] S. Kent et al, “Secure Border Gateway Protocol (S-BGP)”, IEEE Journal on Selected Areas in Communications, In the above example, without the neighbour probing Volume18 Issue 4, April, 2000 technique, five of the AS routes will use an AS path that goes through the broken link as a result of the malicious [4] C. Kruegel et al, “Topology-based detection of anomalous dropping attack. With the neighbour probing technique, BGP messages”, Proceedings of 6th Symposium on Recent only three of the AS routes will use an AS path that goes Advanced in Intrusion Detection (RAID), 2003. through the broken link if no warning message is issued. If [5] S. M. Belovin and E. R. Gansner, “Using Link Cuts to attack the warning message is flooded across the whole network, Internet Routing”, draft, May 2003. then no AS will utilize a path that goes through the broken [6] S. M. Belovin, “Routing Security”, Talk at British Columbia inter-AS link and hence the damaged cost is reduced to 0. Institute of Technology, June 2003. One potential limitation of this technique is that unless a [7] K. Zhang, X. Zhao, F. Wu, “An analysis of Selective router has peers with at least 2 or 3 other routers, this router Dropping Attack in BGP“, Proceedings of IEEE IPCCC, will not be able to get additional information to help it April, 2004. locate the source of instability as well as detect any [8] Shivani Deshpande, Marina Thottan, Tin K. H. And Biplab potential malicious router that selectively drops BGP Sikdar, “An Online Mechanism for BGP Instability updates. Detection and Analysis”, IEEECSI, 2009. F Implementation [9] J. Ng. “Extensions to BGP to Support Secure Origin BGP”, fttp://ftpeng.cisco.com/sobgp/drafts/draft-ng-sobgp-bgp- Initially we are planning to implement the proposed extensions-02.txt, April 2004. method in NS-BGP simulator and later by using SSFNet. We are thinking for the topology with different weights for [10] G. Huston and G. Michaelson, “Validation of Route Origination in BGP using the Resource Certificate PKI”, different AS links based on the traffic load each carries or Internet Draft, IETF, 2008. the number of different AS routes that use a particular AS link. We are also thinking of possible solutions to address [11] S. S. M. Zhao and D. Nicol, “Aggregated path authentication for efficient BGP Security”, in 12th ACM Conference on several issues: Computer and Communications Security, November 2005. First, we need to propose a method for adding two new BGP message types for neighbor probing and warning [12] L. Wang, X. Zhao, D. Pei, R. Bush, D. Massey, A. Mankin, purposes. Next, one needs to carefully think about the S. Wu, and L. Zhang, “ Protecting BGP Routes to Top Level DNS Servers”, in Proceedings of the ICDCS 2003. scope of the warning message distribution. [13] J. Karlin, S. Forrest, and J. Rexford, “Pretty good BGP: V. CONCLUSION Improving BGP by cautiously adopting routes”, in Proceedings of the 14th IEEE International Conference on In this paper, we have described a method used for Network Protocols, 2006. detecting instabilities in the internet along with detection of [14] Z. Zhang, Y. Zhang, Y. C. Hu, and Z. M. Mao, “Practical root cause location. We also explained a neighbor probing defenses against BGP prefix hijacking”, in Proceedings of scheme for detecting malicious dropping attacks in the the ACM CoNEXT conference, 2007. Internet. The different network topologies have been [15] Y. J. Chi, R. Oliveira, and L. Zhang, “Cyclops: the AS-level theoretically analyzed to evaluate the effectiveness of our connectivity observatory”, SIGCOMM Computer proposed scheme. It is further analyzed that when the Communications, 2008. http://cyclops.cs.ucla.edu. method detects the presence of potential malicious router, [16] M. Lad, D. Massey, D. Pei, Y. Wu, B. Zhang, and L. Zhang, the damage cost can be reduced to certain percentage “PHAS: A prefix hijack alert system” in 15th USENIX without deploying the warning message. With the warning Security Symposium, 2006. 31 © 2011 ACEEE DOI: 01.IJNS.02.01.141