Detecting Compromised Routers via Packet Forwarding Behavior
Skip to main content
Open Access Publications from the University of California

Detecting Compromised Routers via Packet Forwarding Behavior


While it is widely understood that criminal miscreants are subverting large numbers of Internet-connected computers (e.g., for bots, spyware, SPAM forwarding, etc.) it is less well appreciated that Internet routers are also being actively targeted and compromised. Indeed, due their central role in end-to-end communication, a compromised router can be leveraged to empower a wide range of direct attacks including eavesdropping, man-in-the-middle subterfuge and denial-of-service. In response, a range of specialized anomaly detection protocols has been proposed to detect misbehaving packet forwarding between routers. This paper provides a general framework for understanding the design space of this work and reviews the capabilities of various detection protocols.

Pre-2018 CSE ID: CS2007-0899

Main Content
For improved accessibility of PDF content, download the file to your device.
Current View