Identifying OSPF LSA falsification attacks through non-linear analysis

Open Shortest Path First (OSPF) is one of the most widely used intra-domain routing protocols. Unfortunately, it has many serious security issues. Falsification over OSPF is one of the most critical vulnerabilities that can cause routing loops and a black hole. In this paper, we introduce a novel approach by using a technique from non-linear statistical analysis to identify OSPF attacks. Firstly, we evaluate the capability of the non-linear technique to identify OSPF attacks using a controlled testbed where we introduce different types of LSA falsifications. Secondly, we evaluate our approach to detect different types of OSPF attacks using OSPF traffic associated with a single OSPF router and OSPF traffic associated with a set of OSPF routers. In both cases, our approach can detect anomalous behaviour quickly. Finally, we use various successful machine learning classifiers to analyze the outputs obtained from the non-linear analysis and calibrate their suitability in discovering such anomalies.