Statistical approach for detecting malicious PCE activity in multi-domain networks

Inter-domain traffic engineering solutions based on the Path Computation Element (PCE) architecture are exposed to information confidentiality issues between network carriers. Licit PCE Protocol (PCEP) request sequences may hide a malicious intention to discover critical intra-domain information through correlations among replies. This work presents an innovative anomaly-based statistical approach, built on Sequential Hypothesis Testing (SHT), that aims to detect malicious utilization of PCEP by peer clients. A novel combined multi-feature SHT formulation is presented, together with different decision policies for definitively ascertaining whether the behavior of the Path Computation Client (PCC) is malicious or not. Simulation results show improved performance in terms of detection and false-alarm probabilities while guaranteeing a trade-off between detection accuracy and delay.
