Detecting Malicious Packet Losses
ABSTRACT
We consider the problem of detecting whether a compromised router is maliciously manipulating its stream of packets. In particular, we are concerned with a simple yet effective attack in which a router selectively drops packets destined for some victim.
Unfortunately, it is quite challenging to attribute a missing packet to a malicious action because normal network congestion can produce the same effect. Modern networks routinely drop packets when the load temporarily exceeds their buffering capacities.
Previous detection protocols have tried to address this problem with a user-defined threshold: too many dropped packets imply malicious intent. However, this heuristic is fundamentally unsound; setting this threshold is, at best, an art and will certainly create unnecessary false positives or mask highly focused attacks.
We have designed, developed, and implemented a compromised router detection protocol that dynamically infers, based on measured traffic rates and buffer sizes, the number of congestive packet losses that will occur. Once the ambiguity from congestion is removed, subsequent packet losses can be attributed to malicious actions. We have tested our protocol in Emulab and have studied its effectiveness in differentiating attacks from legitimate network behavior.
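The contrast drawn in the abstract, as an added example that is not code from the paper or from this page: it replays a router's output queue from measured arrivals and separates losses the buffer explains from losses it does not, next to the fixed-threshold heuristic. The drop-tail FIFO model, the names `Arrival`, `classify_losses` and `threshold_alarm`, and the sample trace are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Arrival:
    t: float         # arrival time at the output queue, in seconds
    size: int        # packet size in bytes
    forwarded: bool  # True if the downstream monitor saw the packet

def classify_losses(trace, buffer_bytes, link_bps):
    """Replay a drop-tail FIFO queue over the trace (assumed model).

    Returns (congestive, suspicious): indices of lost packets that arrived
    at a full buffer, and of lost packets that arrived when there was room.
    """
    drain = link_bps / 8.0            # bytes drained per second
    qlen = 0.0                        # modeled queue occupancy in bytes
    last_t = trace[0].t if trace else 0.0
    congestive, suspicious = [], []
    for i, p in enumerate(trace):
        qlen = max(0.0, qlen - (p.t - last_t) * drain)
        last_t = p.t
        fits = qlen + p.size <= buffer_bytes
        if p.forwarded:
            qlen += p.size            # forwarded packets occupied the buffer
        elif fits:
            suspicious.append(i)      # lost although the buffer had room
        else:
            congestive.append(i)      # lost because the buffer was full
    return congestive, suspicious

def threshold_alarm(trace, max_loss_ratio):
    """The fixed-threshold heuristic: alarm only if the loss ratio is high."""
    lost = sum(1 for p in trace if not p.forwarded)
    return bool(trace) and lost / len(trace) > max_loss_ratio

# Constructed sample: 8 kbit/s link (1000 B/s), 3000-byte buffer.
TRACE = [
    Arrival(0.0, 1000, True), Arrival(0.0, 1000, True),
    Arrival(0.0, 1000, True), Arrival(0.0, 1000, False),  # burst overflow
    Arrival(5.0, 1000, False),                            # idle queue, lost
    Arrival(5.1, 1000, True),
]

if __name__ == "__main__":
    print(classify_losses(TRACE, buffer_bytes=3000, link_bps=8000))
    print(threshold_alarm(TRACE, max_loss_ratio=0.5))
```

On the constructed trace the queue replay attributes the fourth packet to congestion and flags the fifth, while a 50% loss threshold raises no alarm at all.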
HARDWARE SPECIFICATION
All the physical components used in a system are called hardware. These are devices built to perform specific functions, and they do only what they are instructed to do. They can be either electronic devices or mechanical systems.
Processor : Pentium III/IV
Hard disk : 40 GB
RAM : 256 MB
Monitor : 15 VGA Color
Mouse : Ball/Optical
Keyboard : 102 Keys
SOFTWARE SPECIFICATION
Software is a set of instructions used to command a system to perform an operation. Software has the advantage of being able to make decisions that deliver sensible results, and it is useful in handling complex situations.
Operating Systems : Windows XP Professional
Platform : Java