TY - GEN
T1 - Design and evaluation of a policy-based security routing and switching system for data interception attacks
AU - Zhao, Yudong
AU - Xu, Ke
AU - Mijumbi, Rashid
AU - Shen, Meng
N1 - Publisher Copyright: © Springer International Publishing Switzerland 2015.
PY - 2015
Y1 - 2015
N2 - In recent years, the world has been shocked by the increasing number of network attacks that take advantage of router vulnerabilities to perform data interceptions. Such attacks are generally based on low cost, unidirectional, concealed mechanisms, and are very difficult to recognize let alone restrain. This is especially so, because the most affected parties - the users and Internet Service Providers (ISPs) - have very little control, if any, on router vulnerabilities. In this paper, we design, implement and evaluate a policy-based security system aimed at stopping such attacks from both the routing and switching network functions, by detecting any violations in the set policies. We prove the system’s security completeness to data interception attacks. Based on simulations, we show that 100% of normal packets can pass through the policy-based system, and about 99.92% of intercepting ones would be caught. In addition, the performance of the proposed system is acceptable with regard to current TCP/IP networks.
AB - In recent years, the world has been shocked by the increasing number of network attacks that take advantage of router vulnerabilities to perform data interceptions. Such attacks are generally based on low cost, unidirectional, concealed mechanisms, and are very difficult to recognize let alone restrain. This is especially so, because the most affected parties - the users and Internet Service Providers (ISPs) - have very little control, if any, on router vulnerabilities. In this paper, we design, implement and evaluate a policy-based security system aimed at stopping such attacks from both the routing and switching network functions, by detecting any violations in the set policies. We prove the system’s security completeness to data interception attacks. Based on simulations, we show that 100% of normal packets can pass through the policy-based system, and about 99.92% of intercepting ones would be caught. In addition, the performance of the proposed system is acceptable with regard to current TCP/IP networks.
KW - Data interception attacks
KW - Policy-based routing and switching system
KW - Router vulnerabilities
KW - Security completeness
UR - http://www.scopus.com/inward/record.url?scp=84947232678&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-22047-5_15
DO - 10.1007/978-3-319-22047-5_15
M3 - Conference contribution
AN - SCOPUS:84947232678
SN - 9783319220468
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 179
EP - 192
BT - Big Data Computing and Communications - 1st International Conference, BigCom 2015, Proceedings
A2 - Argamon, Shlomo
A2 - Li, Xiang Yang
A2 - Xiong, Hui
A2 - Li, JianZhong
A2 - Wang, Yu
PB - Springer Verlag
T2 - 1st International Conference on Big Data Computing and Communications, BigCom 2015
Y2 - 1 August 2015 through 3 August 2015
ER -