多域网络中恶意PCE活动检测的统计方法

2012 IEEE 13th International Conference on High Performance Switching and Routing Pub Date : 2012-06-24 DOI:10.1109/HPSR.2012.6260845

M. Gharbaoui, F. Paolucci, A. Giorgetti, B. Martini, P. Castoldi

{"title":"多域网络中恶意PCE活动检测的统计方法","authors":"M. Gharbaoui, F. Paolucci, A. Giorgetti, B. Martini, P. Castoldi","doi":"10.1109/HPSR.2012.6260845","DOIUrl":null,"url":null,"abstract":"Inter-domain traffic engineering solutions based on the Path Computation Element (PCE) architecture are exposed to information confidentiality issues between network carriers. Licit PCE Protocol (PCEP) request sequences may hide a malicious intention to discover critical intra-domain information through correlations among replies. This work presents an innovative anomaly-based statistical approach based on the Sequential Hypothesis Testing (SHT) aiming to detect malicious utilization of PCEP by peer clients. A novel combined multi-feature SHT formulation is presented in combination with different decision policies for definitely ascertaining whether the behavior of the Path Computation Client (PCC) is malicious or not. Simulation results show improved performance in terms of detection and falsealarms probabilities while guaranteeing a trade-off between detection accuracy and delay.","PeriodicalId":163079,"journal":{"name":"2012 IEEE 13th International Conference on High Performance Switching and Routing","volume":"9 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-06-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"Statistical approach for detecting malicious PCE activity in multi-domain networks\",\"authors\":\"M. Gharbaoui, F. Paolucci, A. Giorgetti, B. Martini, P. Castoldi\",\"doi\":\"10.1109/HPSR.2012.6260845\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Inter-domain traffic engineering solutions based on the Path Computation Element (PCE) architecture are exposed to information confidentiality issues between network carriers. Licit PCE Protocol (PCEP) request sequences may hide a malicious intention to discover critical intra-domain information through correlations among replies. This work presents an innovative anomaly-based statistical approach based on the Sequential Hypothesis Testing (SHT) aiming to detect malicious utilization of PCEP by peer clients. A novel combined multi-feature SHT formulation is presented in combination with different decision policies for definitely ascertaining whether the behavior of the Path Computation Client (PCC) is malicious or not. Simulation results show improved performance in terms of detection and falsealarms probabilities while guaranteeing a trade-off between detection accuracy and delay.\",\"PeriodicalId\":163079,\"journal\":{\"name\":\"2012 IEEE 13th International Conference on High Performance Switching and Routing\",\"volume\":\"9 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2012-06-24\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2012 IEEE 13th International Conference on High Performance Switching and Routing\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/HPSR.2012.6260845\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 IEEE 13th International Conference on High Performance Switching and Routing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/HPSR.2012.6260845","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

摘要

基于路径计算元素(PCE)架构的域间流量工程解决方案暴露出网络运营商之间的信息保密问题。合法的PCE协议(PCE Protocol)请求序列可能隐藏了恶意意图，即通过响应之间的相关性来发现域内的关键信息。这项工作提出了一种创新的基于序列假设检验(SHT)的基于异常的统计方法，旨在检测对等客户端对PCEP的恶意利用。结合不同的决策策略，提出了一种新的组合多特征SHT公式，用于确定路径计算客户端(PCC)的行为是否为恶意行为。仿真结果表明，在保证检测精度和延迟之间的权衡的同时，在检测和误报概率方面提高了性能。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Statistical approach for detecting malicious PCE activity in multi-domain networks

Inter-domain traffic engineering solutions based on the Path Computation Element (PCE) architecture are exposed to information confidentiality issues between network carriers. Licit PCE Protocol (PCEP) request sequences may hide a malicious intention to discover critical intra-domain information through correlations among replies. This work presents an innovative anomaly-based statistical approach based on the Sequential Hypothesis Testing (SHT) aiming to detect malicious utilization of PCEP by peer clients. A novel combined multi-feature SHT formulation is presented in combination with different decision policies for definitely ascertaining whether the behavior of the Path Computation Client (PCC) is malicious or not. Simulation results show improved performance in terms of detection and falsealarms probabilities while guaranteeing a trade-off between detection accuracy and delay.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2012 IEEE 13th International Conference on High Performance Switching and Routing

自引率

0.00%

发文量