Asynchronous Transfer Mode (ATM) Sentinel Intrusion Detection

Abstract

The ATM Sentinel project comprised three phases. The first phase was a review of relevant ATM protocol and security documents to determine the state of the art and develop a concept for the system. During this phase we also identified attack scenarios that were specific to components of the ATM PNNI specification and that could result in serious degradation of an ATM network. These attack scenarios were provided to our subcontractor, Professor Sumit Ghosh of Arizona State University, to develop specific attack details for analysis in their behavioral model. That model allowed LIS to gain the insight necessary to detect the attacks and define signatures for the ATM-Sentinel prototype. The second phase entailed the development of the behavioral model and the generation of data from it using a simulation developed by Prof. Ghosh and his students to study dynamical, asynchronous systems. In this phase of the program, Prof. Ghosh studied variations on five different attacks. He considered different load levels placed on the network by the attacker. He also studied the effects of target or link location in the network on the effectiveness of the attack on the target and on the network as a whole. His results showed that location does affect the network statistics. He also showed that the signature of the attack may be distributed around the network and that it is apparent not only in performance degradations, but also in performance improvements. That is, some of the nodes or links may actually have better performance because the attack reduces the load that reaches them.

Document Details

Document Type: Technical Report
Publication Date: Oct 01, 2002
Accession Number: ADA408573

Entities

People

  • Doug Hill
  • Robert N. Smith

Organizations

  • General Dynamics

Tags

Communities of Interest

  • Biomedical
  • Cyber

DTIC Thesaurus Topics

  • Air Force Research Laboratories
  • Anti-Tank Missiles
  • Boundaries
  • Computer Network Security
  • Computing System Architectures
  • Cryptography
  • Denial Of Service Attack
  • Detection
  • Detectors
  • Graphical User Interface
  • Intrusion
  • Intrusion Detection
  • Intrusion Detectors
  • Network Architecture
  • Network Protocols
  • Simulations
  • Simulators

Fields of Study

  • Computer science

Readers

  • Nuclear Civil Defense.
  • Research Science/Academic Research
  • Sensor Fusion and Tracking Systems.