Abstract

The JiNao project at MCNC/NCSU focuses on detecting intrusions, especially insider attacks, against the OSPF (open shortest path first) routing protocol. This paper presents the implementation and experiments of JiNao's statistical intrusion detection module. Our implementation is based upon the algorithm developed in SRI's NIDES (next-generation intrusion detection expert system) project. Some modifications and improvements to NIDES/STAT are made for a more effective implementation in our environment. Also, three OSPF insider attacks (e.g., maxseq, maxage, and seq++ attacks) have been developed for evaluating the efficacy of detecting capability. The experiments were conducted on two different network routing testbeds. The results indicate that the proposed statistical mechanism is very effective in detecting these routing protocol attacks.