Statistical Anomaly Detection for Link-State Routing Protocols

Download PDF
Open Webpage

Diheng Qu, Brian Vetter, Feiyi Wang, Ravindar Narayan, Shyhtsun Felix Wu, Y. Frank Jou, Fengmin Gong, Chandramouli Sargor

Published: 1998, Last Modified: 19 Mar 2026ICNP 1998EveryoneRevisionsBibTeXCC BY-SA 4.0
Abstract: The JiNao project at MCNC/NCSU focuses on detecting intrusions, especially insider attacks, against the OSPF (open shortest path first) routing protocol. This paper presents the implementation and experiments of JiNao's statistical intrusion detection module. Our implementation is based upon the algorithm developed in SRI's NIDES (next-generation intrusion detection expert system) project. Some modifications and improvements to NIDES/STAT are made for a more effective implementation in our environment. Also, three OSPF insider attacks (e.g., maxseq, maxage, and seq++ attacks) have been developed for evaluating the efficacy of detecting capability. The experiments were conducted on two different network routing testbeds. The results indicate that the proposed statistical mechanism is very effective in detecting these routing protocol attacks.