Neighbor-based Dynamic Fault Localization In Network

The network is developing increasingly fast and as a result, network security and availability are becoming more and more important. Routers are the foundation of the network and acting critical roles. The existence of malicious routing nodes in the large scale network has become a major concern of people. These malicious nodes can drop, modify or inject packets in the network flows and these behaviors will impact the performance and reliability of the network and the attackers choose the routes as target because of the misconfiguration or backdoors of the nodes. However, as the development of the network, it is difficult to locate the malicious node in a large scale network.The traditional fault localization solutions can be divided into two categories. The first one is path-based solutions. The source node of a network flow is responsible for monitoring and locating the potential nodes in the path. The other type is neighbor-bases proposals of which the core idea is comparing the flows of two adjacent nodes and detecting any difference to monitor the behavors of its neighbors. However, the existing solutions suffer from the problems of flexibility, performance and practicability.This dissertation proposes that using 2-hop neighbors to detect the malicious behaviors in the network. By authenticating and counting the packets within 2 hops, the system can locate the malicious nodes and guarantee the reliability of the whole network.The proposal overcomes the disadvantages of path-based fault localization and can support the dynamic routing. It is also distributed protocal and does not need the time synchronization of all the nodes in the network. The system appends essential information in the packets to verify the integrity so that it can reduce the storage overhead.The system is implemented so that we can test the performance. The experiment is divided into simulation and Linux implementation. In the simulation, we set up network topology of ISP and datacenter to evaluate the accuracy and storage overhead in the real network topologies. By the Linux implementation, we test the computing performance of the system as well as the influence on the network throughput.The experiment shows that the storage overhead of the system is less than 140 KBs and the bandwidth burden is less than 2.5%. In the Web service test and big file transmission test, the computing overhead brought by the FL system is less than 10%.