liu.seSearch for publications in DiVA
Change search
ReferencesLink to record
Permanent link

Direct link
Crowd-based Detection of Routing Anomalies on the Internet
Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
2015 (English)In: Proc. IEEE Conference on Communications and Network Security (IEEE CNS), Florence, Italy, Sept. 2015., IEEE Computer Society Digital Library, 2015, 388-396 p.Conference paper (Refereed)
Abstract [en]

The Internet is highly susceptible to routing attacks and there is no universally deployed solution that ensures that traffic is not hijacked by third parties. Individuals or organizations wanting to protect themselves from sustained attacks must therefore typically rely on measurements and traffic monitoring to detect attacks. Motivated by the high overhead costs of continuous active measurements, we argue that passive monitoring combined with collaborative information sharing and statistics can be used to provide alerts about traffic anomalies that may require further investigation. In this paper we present and evaluate a user-centric crowd-based approach in which users passively monitor their network traffic, share information about potential anomalies, and apply combined collaborative statistics to identify potential routing anomalies. The approach uses only passively collected round-trip time (RTT) measurements, is shown to have low overhead, regardless if a central or distributed architecture is used, and provides an attractive tradeoff between attack detection rates (when there is an attack) and false alert rates (needing further investigation) under normal conditions. Our data-driven analysis using longitudinal and distributed RTT measurements also provides insights into detector selection and the relative weight that should be given to candidate detectors at different distances from the potential victim node.

Place, publisher, year, edition, pages
IEEE Computer Society Digital Library, 2015. 388-396 p.
National Category
Communication Systems
Identifiers
URN: urn:nbn:se:liu:diva-129426DOI: 10.1109/CNS.2015.7346850OAI: oai:DiVA.org:liu-129426DiVA: diva2:939393
Conference
Proc. IEEE Conference on Communications and Network Security (IEEE CNS), Florence, Italy, Sept. 2015.
Available from: 2016-06-19 Created: 2016-06-19 Last updated: 2016-06-30

Open Access in DiVA

No full text

Other links

Publisher's full text

Search in DiVA

By author/editor
Hiran, RahulCarlsson, NiklasShahmehri, Nahid
By organisation
Database and information techniquesFaculty of Science & Engineering
Communication Systems

Search outside of DiVA

GoogleGoogle Scholar
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Altmetric score

Total: 9 hits
ReferencesLink to record
Permanent link

Direct link