• DocumentCode
    3044082
  • Title

    Intrusion Detection Using Protocol-based Non-Conformance to Trusted Behaviors

  • Author

    Ramakrishnan, Vikram ; Kumar, R. Anil ; John, Sherin

  • Author_Institution
    Comput. Networks & Software Inc., Springfield
  • fYear
    2007
  • fDate
    April 30 2007-May 3 2007
  • Firstpage
    1
  • Lastpage
    12
  • Abstract
    Generalized multiple protocol label switching (GMPLS) extends multi protocol label switching (MPLS) to provide the control plane for use with high speed/bandwidth switching networks. The control plane protocols are vulnerable to attacks both from outside and within the network. SigSectrade, an intrusion detection system under development, is intended to help detect and protect against attacks and is based on the premise that the GMPLS management, signaling and routing protocols are similar to programming languages. A protocol can be compared to a language definition: it contains a vocabulary, syntax definition and semantics. Like any computer language the protocol language must be unambiguous. The protocol specifies the behavior of concurrently executing processes. This concurrency creates a new class of subtle issues. One technique to address these issues is the finite state machine (FSM). SigSec captures the signaling protocol messages and forwards them to the appropriate protocol analyzer in addition to saving them to a database. SigSec performs intrusion detection through multiple layers of checks and verifications. SigSec detects many known attacks that may pass through semantic and syntax analyzers. Results of the security attack profile analysis indicate that SigSec is capable of protecting the control plane against any number of attack profiles.
  • Keywords
    multiprotocol label switching; routing protocols; signalling protocols; telecommunication security; SigSec; computer language; control plane protocols; finite state machine; generalized multiple protocol label switching; intrusion detection; language definition; non-conformance; protocol analyzer; routing protocols; security attack profile analysis; semantic analyzers; semantics; signaling protocols; switching networks; syntax definition; trusted behaviors; Automata; Bandwidth; Computer languages; Concurrent computing; Intrusion detection; Multiprotocol label switching; Protection; Routing protocols; Signal analysis; Vocabulary;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Integrated Communications, Navigation and Surveillance Conference, 2007. ICNS '07
  • Conference_Location
    Herndon, VA
  • Print_ISBN
    1-4244-1216-1
  • Electronic_ISBN
    1-4244-1216-1
  • Type

    conf

  • DOI
    10.1109/ICNSURV.2007.384158
  • Filename
    4272190