Routers under Attack: a Graph-Based Analysis

Abstract

The generation of realistic maps of networks is of high interest since it gives a representative model of the Internet and thus of its properties. In this work, we will use a graph-based representation called an Internet router level map using data from publicly available datasets for which vertices are routers and edges are links between them.

To analyze these graphs we will chose several metrics representative of the graph structure and that will be interpreted in the context of network : the mean and maximum node degree, the node degree distribution, the graph density, the betweenness centrality, the clustering coefficient and the average clustering coefficient.

From there, we find a way to identify the vendor and hardware of each router of the map. This is call fingerprinting and we will based on ICMP time-exceeded replies (from traceroute probes of CAIDA’s public "IPv4 Routed /24 Topology" dataset), ICMP echo replies and ICMP address mask replies. We will obtain these two last information by launching a measurement campaign.

We will then simulated the malware propagation strategies targeting identified router vendors and having as effect the shut-down of a given percentage of randomly selected nodes of this vendor. This will be performed for several percentages, namely 0.1%, 0.5%, 1%, 2%, 5%, 10%, 25%, 50%, 75%, 90%, and for several vendors on AS 1239. Since the particular removed nodes should not impact too much the metrics, it will be performed 30 times for tuple [percentage, vendor hardware, AS] and the metric taken into consideration will be the mean on these 30 trials.