OSPF Attack And Abnormity Detection Based On Trusted Router

As the security and credibility of router is getting more attention, in order toensure the router and OSPF protocol supply stable and trusted service, this paperproposed an attack detection and abnormity monitor system of OSPF based on trustedrouter. The research work presents as follows:Firstly, the paper gives a summarize of the trusted network, dynamic integritymeasurement and OSPF protocol, then introduces the current mainstream methods ofintegrity measurement and the prevention methods for OSPF attack and abnormity,analyzes the strengths and weaknesses of these mentioned methods. After the study ofprevious research and combines the background, this paper comes up with an OSPFattacks and abnormity detection systems based on trusted router.Secondly, this paper proposed a dynamic integrity measurement model based onDIMA. This model extends the trusted chain to whole router including the system andmodels previously proposed through TPM chip embedded in the router, andguarantees router’s trusted startup and trusted access, and provide dynamic integritymeasurement service support for the follow-up.Then, this paper presents an attack detection and abnormity monitor model.Attack detection model use a small storage space to reduce computing cost whichother methods consumed such as digital signature. It solved the weakness of digitalsignature method that the age field can’t be involved in, and also solved the real-timeproblem that other methods remain. Abnormity monitor model can monitor abnormalstate switch or abnormal flooding behavior. And when it happens, Abnormity monitormodel will record the issue on log, and call for a dynamic integrity measurement fromthe measure model previously mentioned.Finally, paper uses an open source software router named XORP to implementthe models. The experiment results show that, dynamic measurement model couldsuccessfully measure the integrity of router and OSPF protocol processes. The attackdetection model could prevent router from continued attack by a lower computingcost. Abnormity monitor model could monitor the abnormal state switch and floodingbehavior efficiently inside the OSPF protocol, and record it on log for further analyze.