In this paper, we consider the problem of detecting whether a compromised router is maliciously manipulating its stream of packets. In particular, we are concerned with a simple yet effective attack in which a router selectively drops packets destined for some victim. Unfortunately, it is quite challenging to attribute a missing packet to a malicious action, because normal network congestion can produce the same effect. Modern networks routinely drop packets when the load quickly exceeds their buffering capacities. Previous detection protocols have tried to address this problem with a user-defined threshold: too many dropped packets imply malicious intent. However, this heuristic is fundamentally unsound; setting this threshold is, at best, an art, and it can produce unnecessary false positives or mask highly focused attacks. We have designed, developed, and implemented a compromised router detection protocol that dynamically infers, based on measured traffic rates and buffer sizes, the number of congestive packet losses that can occur. Once the losses attributable to congestion are accounted for, subsequent packet losses can be attributed to malicious actions. We have tested our protocol in Emulab and have studied its effectiveness in differentiating attacks from legitimate network behavior.
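The idea of separating congestive losses from malicious ones can be illustrated with a small replay model. This is an added example, not the paper's protocol or code: it assumes a single drop-tail FIFO queue with a known buffer size and link rate, and perfect reports from neighbouring routers; all names and the trace are constructed.

```python
from dataclasses import dataclass

@dataclass
class Arrival:
    t: float         # arrival time at the output queue, in seconds
    size: int        # packet size in bytes
    pkt_id: str
    forwarded: bool  # True if the downstream neighbour reported the packet

def classify_losses(arrivals, buffer_bytes, link_Bps):
    """Replay traffic through a drop-tail queue model.

    Returns (congestive, suspicious): ids of lost packets the model explains
    by a full buffer, and ids lost although the buffer had room.
    """
    occupancy, last_t = 0.0, None
    congestive, suspicious = [], []
    for a in sorted(arrivals, key=lambda x: x.t):
        if last_t is not None:
            # The queue drains at link rate between consecutive arrivals.
            occupancy = max(0.0, occupancy - (a.t - last_t) * link_Bps)
        last_t = a.t
        fits = occupancy + a.size <= buffer_bytes
        if a.forwarded:
            occupancy = min(buffer_bytes, occupancy + a.size)
        elif fits:
            suspicious.append(a.pkt_id)   # lost with buffer space available
        else:
            congestive.append(a.pkt_id)   # loss explained by a full buffer
    return congestive, suspicious

def threshold_alarm(arrivals, max_drops):
    """Static heuristic for comparison: alarm if more than max_drops are lost."""
    return sum(not a.forwarded for a in arrivals) > max_drops

# Constructed trace: a burst overflows a 3000-byte buffer (p4, p5 lost),
# then p6 is dropped long after the queue has drained.
TRACE = [
    Arrival(0.0000, 1000, "p1", True),
    Arrival(0.0001, 1000, "p2", True),
    Arrival(0.0002, 1000, "p3", True),
    Arrival(0.0003, 1000, "p4", False),
    Arrival(0.0004, 1000, "p5", False),
    Arrival(0.0100, 1000, "p6", False),
    Arrival(0.0110, 1000, "p7", True),
]

if __name__ == "__main__":
    print(classify_losses(TRACE, buffer_bytes=3000, link_Bps=1_000_000))
    print(threshold_alarm(TRACE[:5], 1), threshold_alarm(TRACE, 3))
```

On this trace a threshold of one drop raises an alarm on the congestion-only burst, while a threshold of three hides the single targeted drop; the replay model flags only `p6`.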