“Specification-Based Intrusion Detection System for Carrier Ethernet”
in In International Conference on Web Information Systems and Technologies(WEBIST 2007), Barcelona, Spain, March 2007, Mar. 2007.
Abstract: Layered network architectures (OSI, TCP/IP) separate functionality in layers, allowing them to be designed and implemented independently. However, from the security point of view, once a lower layer is compromised, the reliability of the higher layers can be impaired. This paper is about the security of the Data Link Layer, which can affect the reliability of higher layers, like TCP, HTTP and other World-Wide Web protocols. The paper analyzes security-wise a layer 2 protocol – the Spanning Tree Protocol (STP), part of the Ethernet suite – and presents a solution to detect attacks against this protocol using Specification-based Intrusion Detection.