Crowd-based Detection of Routing Anomalies on the Internet
Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
2015 (English) In: Proc. IEEE Conference on Communications and Network Security (IEEE CNS), Florence, Italy, Sept. 2015., IEEE Computer Society Digital Library, 2015, 388-396 p. Conference paper, Published paper (Refereed)
Abstract [en]

The Internet is highly susceptible to routing attacks and there is no universally deployed solution that ensures that traffic is not hijacked by third parties. Individuals or organizations wanting to protect themselves from sustained attacks must therefore typically rely on measurements and traffic monitoring to detect attacks. Motivated by the high overhead costs of continuous active measurements, we argue that passive monitoring combined with collaborative information sharing and statistics can be used to provide alerts about traffic anomalies that may require further investigation. In this paper we present and evaluate a user-centric crowd-based approach in which users passively monitor their network traffic, share information about potential anomalies, and apply combined collaborative statistics to identify potential routing anomalies. The approach uses only passively collected round-trip time (RTT) measurements, is shown to have low overhead, regardless of whether a central or distributed architecture is used, and provides an attractive tradeoff between attack detection rates (when there is an attack) and false alert rates (needing further investigation) under normal conditions. Our data-driven analysis using longitudinal and distributed RTT measurements also provides insights into detector selection and the relative weight that should be given to candidate detectors at different distances from the potential victim node.

Place, publisher, year, edition, pages
IEEE Computer Society Digital Library, 2015. 388-396 p.
National Category
Communication Systems
Identifiers
URN: urn:nbn:se:liu:diva-129426
DOI: 10.1109/CNS.2015.7346850
ISI: 000380401800048
ISBN: 978-1-4673-7876-5 (print)
OAI: oai:DiVA.org:liu-129426
DiVA: diva2:939393
Conference
Proc. IEEE Conference on Communications and Network Security (IEEE CNS), Florence, Italy, Sept. 2015.
Available from: 2016-06-19 Created: 2016-06-19 Last updated: 2017-03-16

By author/editor
Hiran, Rahul; Carlsson, Niklas; Shahmehri, Nahid