File(s) under permanent embargo

Identifying OSPF LSA falsification attacks through non-linear analysis

journal contribution
posted on 01.02.2020, 00:00 authored by Bahaa Al-Musawi, Philip Branch, Mohammed Falih Hassan, Shiva Pokhrel
Open Shortest Path First (OSPF) is one of the most widely used intra-domain routing protocols. Unfortunately, it has many serious security issues. Falsification over OSPF is one of the most critical vulnerabilities that can cause routing loops and a black hole. In this paper, we introduce a novel approach by using a technique from non-linear statistical analysis to identify OSPF attacks. Firstly, we evaluate the capability of the non-linear technique to identify OSPF attacks using a controlled testbed where we introduce different types of LSA falsifications. Secondly, we evaluate our approach to detect different types of OSPF attacks using OSPF traffic associated with a single OSPF router and OSPF traffic associated with a set of OSPF routers. In both cases, our approach can detect anomalous behaviour quickly. Finally, we use various successful machine learning classifiers to analyze the outputs obtained from the non-linear analysis and calibrate their suitability in discovering such anomalies.

History

Journal: Computer networks

Volume: 167

Article number: 107031

Pagination: 1 - 13

Publisher: Elsevier

Location: Amsterdam, The Netherlands

ISSN: 1389-1286

eISSN: 1872-7069

Language: eng

Publication classification: C1 Refereed article in a scholarly journal