The next-generation Internet promises to provide a fundamental shift in the underlying architecture to support dynamic deployment of network protocols. With the introduction of programmability and dynamic protocol deployment in routers, potential vulnerabilities and attacks are expected to increase. In this paper, we consider the problem of detecting packet forwarding misbehavior in routers. Specifically, we focus on an attack scenario, where a router selectively drops packets destined for another node. Detecting such an attack is challenging since it requires differentiating malicious packet drops from congestion-based packet losses. We propose a controller-based misbehavior detection technique that effectively detects malicious routers using a hash-based delay sampling and verification. We provide a performance analysis of the detection accuracy and quantify the performance overhead of our system. Our results show that our technique provides accurate detection with low sampling rates.