Real-Time Protocol Analysis for Detecting Link-State Routing Protocol Attacks

Ho Yen Chang; S. Felix Wu; Y. Frank Jou

doi:10.1145/383775.383776

Real-Time Protocol Analysis for Detecting Link-State Routing Protocol Attacks

Ho Yen Chang
, S. Felix Wu
, Y. Frank Jou

Department of Electrical Engineering

Research output: Contribution to journal › Article › peer-review

30 Citations (Scopus)

Abstract

A real-time knowledge-based network intrusion-detection model for a link-state routing protocol is presented for the OSPF protocol. This model includes three layers: a data process layer to parse packets and dispatch data; an event abstractor to abstract predefined real-time events for the link-state routing protocol; and an extended timed finite state machine to express the real-time behavior of the protocol engine and to detect intrusions by pattern matching. The timed FSM, called the JiNao Finite State Machine (JFSM) is extended from the conventional FSM with timed states, multiple timers, and time constraints on state transitions. The JFSM is implemented as a generator that can create any FSM by constructing the configuration file only. The results show that this approach is very effective for detecting real-time intrusions. Our approach can be extended for use in other network protocol intrusion-detection systems, especially for those with known attacks.

Original language	English
Pages (from-to)	1-36
Number of pages	36
Journal	ACM Transactions on Information and System Security
Volume	4
Issue number	1
DOIs	https://doi.org/10.1145/383775.383776
Publication status	Published - 2001

All Science Journal Classification (ASJC) codes

General Computer Science
Safety, Risk, Reliability and Quality

Access to Document

10.1145/383775.383776

Cite this

@article{e82cccb9c7c841fd915376e30928e640,

title = "Real-Time Protocol Analysis for Detecting Link-State Routing Protocol Attacks",

abstract = "A real-time knowledge-based network intrusion-detection model for a link-state routing protocol is presented for the OSPF protocol. This model includes three layers: a data process layer to parse packets and dispatch data; an event abstractor to abstract predefined real-time events for the link-state routing protocol; and an extended timed finite state machine to express the real-time behavior of the protocol engine and to detect intrusions by pattern matching. The timed FSM, called the JiNao Finite State Machine (JFSM) is extended from the conventional FSM with timed states, multiple timers, and time constraints on state transitions. The JFSM is implemented as a generator that can create any FSM by constructing the configuration file only. The results show that this approach is very effective for detecting real-time intrusions. Our approach can be extended for use in other network protocol intrusion-detection systems, especially for those with known attacks.",

author = "Chang, \{Ho Yen\} and Wu, \{S. Felix\} and Jou, \{Y. Frank\}",

year = "2001",

doi = "10.1145/383775.383776",

language = "English",

volume = "4",

pages = "1--36",

journal = "ACM Transactions on Information and System Security",

issn = "1094-9224",

publisher = "Association for Computing Machinery (ACM)",

number = "1",

}

TY - JOUR

T1 - Real-Time Protocol Analysis for Detecting Link-State Routing Protocol Attacks

AU - Chang, Ho Yen

AU - Wu, S. Felix

AU - Jou, Y. Frank

PY - 2001

Y1 - 2001

N2 - A real-time knowledge-based network intrusion-detection model for a link-state routing protocol is presented for the OSPF protocol. This model includes three layers: a data process layer to parse packets and dispatch data; an event abstractor to abstract predefined real-time events for the link-state routing protocol; and an extended timed finite state machine to express the real-time behavior of the protocol engine and to detect intrusions by pattern matching. The timed FSM, called the JiNao Finite State Machine (JFSM) is extended from the conventional FSM with timed states, multiple timers, and time constraints on state transitions. The JFSM is implemented as a generator that can create any FSM by constructing the configuration file only. The results show that this approach is very effective for detecting real-time intrusions. Our approach can be extended for use in other network protocol intrusion-detection systems, especially for those with known attacks.

AB - A real-time knowledge-based network intrusion-detection model for a link-state routing protocol is presented for the OSPF protocol. This model includes three layers: a data process layer to parse packets and dispatch data; an event abstractor to abstract predefined real-time events for the link-state routing protocol; and an extended timed finite state machine to express the real-time behavior of the protocol engine and to detect intrusions by pattern matching. The timed FSM, called the JiNao Finite State Machine (JFSM) is extended from the conventional FSM with timed states, multiple timers, and time constraints on state transitions. The JFSM is implemented as a generator that can create any FSM by constructing the configuration file only. The results show that this approach is very effective for detecting real-time intrusions. Our approach can be extended for use in other network protocol intrusion-detection systems, especially for those with known attacks.

UR - https://www.scopus.com/pages/publications/85017067350

UR - https://www.scopus.com/pages/publications/85017067350#tab=citedBy

U2 - 10.1145/383775.383776

DO - 10.1145/383775.383776

M3 - Article

AN - SCOPUS:85017067350

SN - 1094-9224

VL - 4

SP - 1

EP - 36

JO - ACM Transactions on Information and System Security

JF - ACM Transactions on Information and System Security

IS - 1

ER -

Real-Time Protocol Analysis for Detecting Link-State Routing Protocol Attacks

Abstract

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this