Routers under Attack: a Graph-Based Analysis
Capodicasa, Laura
Promotor(s) : Donnet, Benoît
Date of defense : 9-Sep-2019/10-Sep-2019 • Permalink : http://hdl.handle.net/2268.2/7871
Details
Title : | Routers under Attack: a Graph-Based Analysis |
Author : | Capodicasa, Laura |
Date of defense : | 9-Sep-2019/10-Sep-2019 |
Advisor(s) : | Donnet, Benoît |
Committee's member(s) : | Leduc, Guy
Louveaux, Quentin |
Language : | English |
Discipline(s) : | Engineering, computing & technology > Civil engineering |
Institution(s) : | Université de Liège, Liège, Belgique |
Degree: | Master : ingénieur civil en informatique, à finalité spécialisée en "computer systems security" |
Faculty: | Master thesis of the Faculté des Sciences appliquées |
Abstract
[en] The generation of realistic maps of networks is of high interest since it gives a representative model of the Internet and thus of its properties. In this work, we will use a graph-based representation called an Internet router level map using data from publicly available datasets for which vertices are routers and edges are links between them.
To analyze these graphs we will chose several metrics representative of the graph structure and that will be interpreted in the context of network : the mean and maximum node degree, the node degree distribution, the graph density, the betweenness centrality, the clustering coefficient and the average clustering coefficient.
From there, we find a way to identify the vendor and hardware of each router of the map. This is call fingerprinting and we will based on ICMP time-exceeded replies (from traceroute probes of CAIDA’s public "IPv4 Routed /24 Topology" dataset), ICMP echo replies and ICMP address mask replies. We will obtain these two last information by launching a measurement campaign.
We will then simulated the malware propagation strategies targeting identified router vendors and having as effect the shut-down of a given percentage of randomly selected nodes of this vendor. This will be performed for several percentages, namely 0.1%, 0.5%, 1%, 2%, 5%, 10%, 25%, 50%, 75%, 90%, and for several vendors on AS 1239. Since the particular removed nodes should not impact too much the metrics, it will be performed 30 times for tuple [percentage, vendor hardware, AS] and the metric taken into consideration will be the mean on these 30 trials.
File(s)
Document(s)
Description: TFE report
Size: 2.31 MB
Format: Adobe PDF
Annexe(s)
Description: Zip file with the source code
Size: 352.04 kB
Format: Unknown
Description: Plots generated (referred main report)
Size: 8.21 MB
Format: Unknown
Cite this master thesis
The University of Liège does not guarantee the scientific quality of these students' works or the accuracy of all the information they contain.