Real-time protocol analysis for detecting link-state routing protocol attacks

Abstract

A real-time knowledge-based network intrusion-detection model for a link-state routing protocol is presented for the OSPF protocol. This model includes three layers: a data process layer to parse packets and dispatch data; and event abstractor to abstract predefined real-time events for the link-state routing protocol; and an extended timed finite state machine to express the real-time behavior of the protocol engine and to detect intrusions by pattern matching. The timed FSM, called the JiNao Finite State Machine (JFSM) is extended from the conventional FSM with timed states, multiple timers, and time constraints on state transitions. The JFSM is implemented as a generator that can create and FSM by constructing the configuration file only. The results show that this approach is very effective for detecting real-time intrusions. Our approach can be extended for use in other network protocol intrusion-detection systems, especially for those with known attacks.

Keywords

This publication has 12 references indexed in Scilit:

A simple assertional proof system for real-time systems
Published by Institute of Electrical and Electronics Engineers (IEEE) ,2003
Detecting disruptive routers: a distributed network monitoring approach
Published by Institute of Electrical and Electronics Engineers (IEEE) ,2002
A theory of timed automata
Published by Elsevier ,2002
Timed Automata
Published by Springer Nature ,1999
State transition analysis: a rule-based intrusion detection approach
IEEE Transactions on Software Engineering, 1995
Network intrusion detection
IEEE Network, 1994
Reasoning assertionally about real-time systems
Proceedings of the IEEE, 1994
Protocol verification made simple: a tutorial
Computer Networks and ISDN Systems, 1993
An Intrusion-Detection Model
IEEE Transactions on Software Engineering, 1987
Self-stabilizing systems in spite of distributed control
Communications of the ACM, 1974