Statistical anomaly detection for link-state routing protocols

The JiNao project at MCNC/NCSU focuses on detecting intrusions, especially insider attacks, against OSPF (Open Shortest Path First) routing protocol. This paper presents the implementation and experiments of the Ji-Nao's statistical intrusion detection module. Our implementation is based upon the algorithm developed in SRI's NIDES (Next-generation Intrusion Detection Expert System) project. Some modifications and improvements to NIDES/STAT are made for a more effective implementation in our environment. Also, three OSPF insider attacks (e.g., maxseq, maxage, and seq++ attacks) have been developed for evaluating the efficacy of detecting capability. The experiments were conducted on two different network routing testbeds. The results indicate that the proposed statistical mechanism is ver?, effective in detecting these routing protocol attacks.