DocumentCode
3044082
Title
Intrusion Detection Using Protocol-based Non-Conformance to Trusted Behaviors
Author
Ramakrishnan, Vikram ; Kumar, R. Anil ; John, Sherin
Author_Institution
Comput. Networks & Software Inc., Springfield
fYear
2007
fDate
April 30 2007-May 3 2007
Firstpage
1
Lastpage
12
Abstract
Generalized multiple protocol label switching (GMPLS) extends multi protocol label switching (MPLS) to provide the control plane for use with high speed/bandwidth switching networks. The control plane protocols are vulnerable to attacks both from outside and within the network. SigSectrade, an intrusion detection system under development, is intended to help detect and protect against attacks and is based on the premise that the GMPLS management, signaling and routing protocols are similar to programming languages. A protocol can be compared to a language definition: it contains a vocabulary, syntax definition and semantics. Like any computer language the protocol language must be unambiguous. The protocol specifies the behavior of concurrently executing processes. This concurrency creates a new class of subtle issues. One technique to address these issues is the finite state machine (FSM). SigSec captures the signaling protocol messages and forwards them to the appropriate protocol analyzer in addition to saving them to a database. SigSec performs intrusion detection through multiple layers of checks and verifications. SigSec detects many known attacks that may pass through semantic and syntax analyzers. Results of the security attack profile analysis indicate that SigSec is capable of protecting the control plane against any number of attack profiles.
Keywords
multiprotocol label switching; routing protocols; signalling protocols; telecommunication security; SigSec; computer language; control plane protocols; finite state machine; generalized multiple protocol label switching; intrusion detection; language definition; non-conformance; protocol analyzer; routing protocols; security attack profile analysis; semantic analyzers; semantics; signaling protocols; switching networks; syntax definition; trusted behaviors; Automata; Bandwidth; Computer languages; Concurrent computing; Intrusion detection; Multiprotocol label switching; Protection; Routing protocols; Signal analysis; Vocabulary;
fLanguage
English
Publisher
ieee
Conference_Titel
Integrated Communications, Navigation and Surveillance Conference, 2007. ICNS '07
Conference_Location
Herndon, VA
Print_ISBN
1-4244-1216-1
Electronic_ISBN
1-4244-1216-1
Type
conf
DOI
10.1109/ICNSURV.2007.384158
Filename
4272190
Link To Document