Statistical approach for detecting malicious PCE activity in multi-domain networks

Inter-domain traffic engineering solutions based on the Path Computation Element (PCE) architecture are exposed to information confidentiality issues between network carriers. Licit PCE Protocol (PCEP) request sequences may hide a malicious intention to discover critical intra-domain information through correlations among replies. This work presents an innovative anomaly-based statistical approach based on the Sequential Hypothesis Testing (SHT) aiming to detect malicious utilization of PCEP by peer clients. A novel combined multi-feature SHT formulation is presented in combination with different decision policies for definitely ascertaining whether the behavior of the Path Computation Client (PCC) is malicious or not. Simulation results show improved performance in terms of detection and falsealarms probabilities while guaranteeing a trade-off between detection accuracy and delay.