Author(s): Livio Ricciulli, Pierangela Samarati, Patrick Lincoln, Sabrina De Capitani di Vimercati

Date: 4 Feb 1999

Associated Event: NDSS Symposium 1999


We describe a system for achieving PNNI (Private Network-Network Interface) Global Routing Infrastructure Protection (PGRIP). We give details of PGRIP's system-level design and identify some conditions that rigorously guarantee the distributed, fault-tolerant detection of anomalies. PGRIP detects integrity compromises of PNNI routing by enforcing rules that characterize topology information updates that are anomalous (or uncommon) with respect to the network status, past events that have occurred, or statistical measures. Rules are expressed in a flexible and expressive, yet simple, language that uses a tree structure to organize and reference the topology information maintained at each node. We introduce a powerful notation to identify data objects contained in the PNNI topology database and statistical operators to examine the history of topology database updates accumulated during PNNI operation. Using this notation, we give heuristic rules to illustrate how some anomalous database operations can be detected.
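A toy rule engine in the spirit of the rule language described above, written as an added illustration (it is not PGRIP's own code or notation): the topology database is a tree addressed by slash-separated paths, statistical operators run over the accumulated update history, and two hypothetical heuristic rules flag a burst of updates to one object and a value that departs sharply from its past. The path notation, the rule definitions and the sample updates are assumptions, not taken from the paper.

```python
from collections import defaultdict
from statistics import mean, pstdev

class TopologyDB:
    """Tree-structured topology database plus a per-object update history (assumed layout)."""
    def __init__(self):
        self.tree = {}
        self.history = defaultdict(list)   # path -> [(time, value), ...]
    def lookup(self, path):
        """Resolve a slash-separated path such as PG1/nodeA/links/L1/bandwidth."""
        node = self.tree
        for part in path.split("/"):
            node = node[part]
        return node
    def apply_update(self, t, path, value):
        parts = path.split("/")
        node = self.tree
        for part in parts[:-1]:
            node = node.setdefault(part, {})
        node[parts[-1]] = value
        self.history[path].append((t, value))
    def count_updates(self, path, t, window):
        """Statistical operator: number of updates to `path` in the interval (t - window, t]."""
        return sum(1 for ts, _ in self.history[path] if t - window < ts <= t)
    def past_values(self, path):
        """Statistical operator: values recorded before the most recent update to `path`."""
        return [v for _, v in self.history[path][:-1]]

def rate_rule(db, t, path, value, window=60, limit=3):
    """Hypothetical rule: anomalous if one object is updated more than `limit` times in `window` s."""
    return db.count_updates(path, t, window) > limit

def deviation_rule(db, t, path, value, k=3.0):
    """Hypothetical rule: anomalous if a numeric value lies more than k std. devs. from its history."""
    past = db.past_values(path)
    if len(past) < 3 or not isinstance(value, (int, float)):
        return False            # too little history, or a non-numeric object
    sd = pstdev(past)
    return sd > 0 and abs(value - mean(past)) > k * sd

RULES = {"update-rate": rate_rule, "value-deviation": deviation_rule}
def check_updates(updates):
    """Replay updates in time order; return (time, path, rule) for every rule that fires."""
    db, alerts = TopologyDB(), []
    for t, path, value in updates:
        db.apply_update(t, path, value)
        alerts += [(t, path, name) for name, rule in RULES.items() if rule(db, t, path, value)]
    return alerts

LINK = "PG1/nodeA/links/L1/bandwidth"   # constructed sample: a stable advertisement, then a collapse and a burst
SAMPLE = [(i * 100, LINK, 100 + i % 2) for i in range(6)] + [(700 + 10 * i, LINK, 5) for i in range(4)]
```

Running `check_updates(SAMPLE)` reports the bandwidth collapse at t=700 under the deviation rule and the fourth rapid update at t=730 under the rate rule.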