Cyber Trust: Real-Time Internet Routing Anomaly Detection and Mitigation
Regents Of The University Of Michigan - Ann Arbor, Ann Arbor MI
Investigators
Abstract
Zhuoqing Mao, University of Michigan Ann Arbor. Award 0430204.

This project is investigating the detection and mitigation of routing anomalies, defined broadly as any unexpected Internet routing behavior that results in data packets being unable to reach the actual destination with reasonable performance, or not following the advertised routes to reach the destination. This work involves designing a novel distributed routing Intrusion Detection System (Router IDS) for performing real-time routing anomaly detection and mitigation. The Router IDS detects routing anomalies by combining publicly available routing data from multiple vantage points to check consistency and identify deviations from past routing behavior. It disambiguates uncertainties by correlating routing data with both passively collected traffic data and actively triggered lightweight probe packets. In response to detected routing anomalies, routing policies are modified or the suspicious routing updates are filtered. Overlay routing can also be used to bypass the router using the incorrect route. This project is building a prototype to test the effectiveness of the detection and mitigation algorithms. The prototype can be deployed at any network domain to achieve protection from external routing anomalies. The project involves ongoing collaboration with researchers at research labs, industry, and the operator community, in order to provide practical insights.