Title :
Detecting disruptive routers: a distributed network monitoring approach
Author :
Bradley, Kirk A. ; Cheung, Steven ; Puketza, Nick ; Mukherjee, Biswanath ; Olsson, Ronald A.
Author_Institution :
Dept. of Comput. Sci., California Univ., Davis, CA, USA
Abstract :
An attractive target for a computer system attacker is the router. An attacker in control of a router can disrupt communication by dropping or misrouting packets passing through the router. We present a protocol called WATCHERS that detects and reacts to routers that drop or misroute packets. WATCHERS is based on the principle of conservation of flow in a network: all data bytes sent into a node, and not destined for that node, are expected to exit the node. WATCHERS tracks this flow, and detects routers that violate the conservation principle. We show that WATCHERS has several advantages over existing network monitoring techniques. We argue that WATCHERS´ impact on router performance and WATCHERS´ memory requirements are reasonable for many environments. We demonstrate that in ideal conditions WATCHERS makes no false-positive diagnoses. We also describe how WATCHERS can be tuned to perform nearly as well in realistic conditions
Keywords :
computer network management; computerised monitoring; message passing; packet switching; protocols; security of data; telecommunication network routing; WATCHERS; computer system attacker; conservation principle; data bytes; disruptive router detection; distributed network monitoring approach; flow conservation; memory requirements; network monitoring technique; realistic conditions; router performance; Communication system control; Computer science; Computerized monitoring; Condition monitoring; Fault detection; Gain control; Internet; Kirk field collapse effect; National security; Protocols;
Conference_Titel :
Security and Privacy, 1998. Proceedings. 1998 IEEE Symposium on
Conference_Location :
Oakland, CA
Print_ISBN :
0-8186-8386-4
DOI :
10.1109/SECPRI.1998.674828
