14 Days of Vacation: A Rogue Switch Detection Technique

Document Type


Lead Author Type

CIS Masters Student


Dr. Vijay Bhuse, vijay_bhuse@gvsu.edu

Embargo Period



Networks are growing both in size and complexity. As this complexity increases it has become harder to detect a compromised node.

In this presentation, we demonstrate an application of a business solution for detecting malicious actors. Our solution is based on an enforcement of 14 days of vacation per year. This is done in banking as a best practice to detect employees committing fraud or otherwise engaging in a malicious behavior.

We regularly swap nodes in the network with known good units and then compare observed behavior of the suspect node, to the behavior of the known good node. By doing this, we can detect many forms of malicious behavior indicating a compromised node.

This document is currently not available here.