Sensor-based intrusion detection for intra-domain distance-vector routing
Source: Conference on Computer and Communications Security
Proceedings of the 9th ACM conference on Computer and communications security
Washington, DC, USA
SESSION: Network security
Pages: 127 - 137
Year of Publication: 2002
ISBN: 1-58113-612-9
Authors
Vishal Mittal  University of California Santa Barbara
Giovanni Vigna  University of California Santa Barbara
Sponsors
ACM: Association for Computing Machinery
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
DOI: http://doi.acm.org/10.1145/586110.586129

ABSTRACT

Detection of routing-based attacks is difficult because malicious routing behavior can be identified only in specific network locations. In addition, the configuration of the signatures used by intrusion detection sensors is a time-consuming and error-prone task because it has to take into account both the network topology and the characteristics of the particular routing protocol in use. We describe an intrusion detection technique that uses information about both the network topology and the positioning of sensors to determine what can be considered malicious in a particular place of the network. The technique relies on an algorithm that automatically generates the appropriate sensor signatures. This paper presents a description of the approach, applies it to an intra-domain distance-vector protocol and reports the results of its evaluation.

