Carnegie Mellon University

Secure Split Assignment Trajectory Sampling: A Malicious Router Detection System

journal contribution
posted on 2006-06-09, 00:00 authored by Sihyung Lee, Tina Wong, Hyong S Kim
Routing infrastructure plays a vital role in the Internet, and attacks on routers can be damaging in numerous ways. Compromised routers can drop, modify, mis-forward or reorder valid packets. However, existing proposals for secure forwarding require substantial computational overhead and additional capabilities at routers. We propose Secure Split Assignment Trajectory Sampling (SATS), a system that detects malicious routers on the data plane. SATS locates a set of suspicious routers when packets do not follow their predicted paths. SATS works with a traffic measurement platform using packet sampling, has low overhead on routers and is applicable to high-speed networks. Different subsets of packets are sampled over different groups of routers (called Split Range Assignment) to ensure attackers cannot completely evade detection. Our evaluation shows that SATS can significantly limit a malicious router’s harm to a small portion of traffic in a network.
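
The following toy simulation is an added illustration of the idea in the abstract, not code from the paper or its authors: each hash range of packets is sampled by a different group of routers, and a collector flags the path segment where a sampled packet stops appearing. The SHA-256 bucketing, the pairwise router groups, the five-router path and the behaviour of the compromised router are all assumptions made for this sketch.

```python
import hashlib
from itertools import combinations

BUCKETS = 16  # constructed number of hash ranges

def bucket(payload: bytes) -> int:
    """Hash range of a packet, from content that does not change hop to hop."""
    return hashlib.sha256(payload).digest()[0] % BUCKETS

def split_assignment(routers):
    """Give each hash range to a different router pair (assumed grouping)."""
    pairs = list(combinations(routers, 2))
    return {b: set(pairs[b % len(pairs)]) for b in range(BUCKETS)}

def forward(path, payload, assign, bad=None):
    """Return the routers that report this packet to the collector.
    The compromised router `bad` knows only its own ranges: it forwards
    those packets and silently drops everything else."""
    b, reports = bucket(payload), set()
    for r in path:
        if r == bad and r not in assign[b]:
            return reports            # dropped here, nothing seen downstream
        if r in assign[b]:
            reports.add(r)
    return reports

def suspects(path, payload, assign, reports):
    """Segment between the last reporter and the first expected reporter
    that stayed silent; empty if the trajectory matches the predicted path."""
    expected = [r for r in path if r in assign[bucket(payload)]]
    start = None
    for r in expected:
        if r in reports:
            start = path.index(r)
        elif start is not None:
            return set(path[start:path.index(r) + 1])
    return set()

def localize(path, packets, assign, bad=None):
    """Intersect the suspicious segments raised over all sampled packets."""
    alarms = [s for p in packets
              if (s := suspects(path, p, assign, forward(path, p, assign, bad)))]
    return set.intersection(*alarms) if alarms else set()

PATH = ["A", "B", "C", "D", "E"]                      # constructed topology
PACKETS = [f"pkt-{i}".encode() for i in range(2000)]  # constructed traffic
ASSIGN = split_assignment(PATH)

if __name__ == "__main__":
    print("honest path:  ", localize(PATH, PACKETS, ASSIGN))
    print("C compromised:", sorted(localize(PATH, PACKETS, ASSIGN, bad="C")))
```

Even though router C leaves its own ranges untouched, the ranges assigned to pairs that straddle it (such as A and D, or B and D) still raise alarms, and intersecting them narrows the result to a small suspicious set containing C.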
