
Vulnerability analysis, intrusion prevention and detection for link state routing protocols

Posted on: 2001-03-14
Degree: Ph.D
Type: Dissertation
University: North Carolina State University
Candidate: Wang, Feiyi
Full Text: PDF
GTID: 1468390014958247
Subject: Computer Science
Abstract/Summary:
The objective of this dissertation is to study the vulnerabilities of link state routing protocols and to design and implement new approaches for intrusion prevention and detection. As one of the cornerstones of network infrastructure, routing systems are facing more threats than ever: they are vulnerable by nature and challenging to protect. Drawing upon working results from two DARPA research projects, JiNao (Scalable Intrusion Detection for the Emerging Network Infrastructure) and GIANT (Global Intrusion Assessment Through Distributed Decision Making), the dissertation makes the following contributions. First, it systematically analyzes the vulnerabilities of link state routing protocols from the design, implementation, environment, and configuration aspects, making comparisons with other, distance vector based protocols when necessary and discovering potential attack points. The vulnerability analysis establishes foundations for prevention and intrusion detection. Second, it describes the design and implementation of wrapper-based active protection for routing protocols, which is most suitable for preventing known vulnerabilities and provides an architectural advantage to legacy systems. Third, it describes an integrated network management (INM) based intrusion detection method. The integration of management and control planes will enlarge the scope of available information and enable more effective intrusion detection. Three insider attacks have been developed to evaluate its effectiveness and detection capability. Fourth, it describes a new property-oriented detection (POD) algorithm that differs from traditional signature based or profile based intrusion detection paradigms in that it utilizes functional properties and correlates the history and future to validate link state database changes. By exploring the system properties of primary concern, we show that detection effort can be conducted in a more focused and systematic fashion.
Keywords/Search Tags: Link state routing, Detection, Routing protocol, Intrusion, Prevention