On Probe-Response Attacks in Collaborative Intrusion Detection Systems

Vasilomanolakis, Emmanouil and Stahn, Michael and Cordero, Carlos Garcia and Mühlhäuser, Max:
On Probe-Response Attacks in Collaborative Intrusion Detection Systems.
IEEE Conference on Communications and Network Security, IEEE
[Conference or Workshop Item], (2016)

Abstract

Cyber-attacks are steadily increasing in both their size and sophistication. To cope with this, Intrusion Detection Systems (IDSs) are considered mandatory for the protection of critical infrastructure. Furthermore, research is currently focusing on collaborative architectures for IDSs, creating a Collaborative IDS (CIDS). In such a system a number of IDS monitors work together towards creating a holistic picture of the monitored network. Nevertheless, a class of attacks exists, called probe-response, which can assist adversaries to detect the network position of CIDS monitors. This can significantly affect the advantages of a CIDS. In this paper, we introduce PREPARE, a framework for deploying probe-response attacks and also for studying methods for their mitigation. Moreover, we present significant improvements on both the effectiveness of probe-response attacks as well as on mitigation techniques for detecting them. We evaluate our approach via an extensive simulation and a real-world attack deployment that targets two CIDSs. Our results show that our framework can be practically utilized, that our proposals significantly improve probe-response attacks and, lastly, that the introduced detection and mitigation techniques are effective.

Item Type: Conference or Workshop Item
Published: 2016
Creators: Vasilomanolakis, Emmanouil and Stahn, Michael and Cordero, Carlos Garcia and Mühlhäuser, Max
Title: On Probe-Response Attacks in Collaborative Intrusion Detection Systems
Language: English
Title of Book: IEEE Conference on Communications and Network Security
Publisher: IEEE
Uncontrolled Keywords: SSI - Area Secure Smart Infrastructures; SPIN: Smart Protection in Infrastructures and Networks
Divisions: Department of Computer Science > Telecooperation
DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > CRC 1119: CROSSING – Cryptography-Based Security Solutions: Enabling Trust in New and Next Generation Computing Environments
LOEWE > LOEWE-Zentren > CRISP - Center for Research in Security and Privacy
Department of Computer Science
Profile Areas > Cybersecurity (CYSEC)
LOEWE > LOEWE-Zentren
DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres
Profile Areas
LOEWE
DFG-Collaborative Research Centres (incl. Transregio)
Event Location: Philadelphia, USA
Date Deposited: 31 Dec 2016 12:59
DOI: 10.1109/CNS.2016.7860495
Identification Number: TUD-CS-2016-0164