Probe-response attacks on collaborative intrusion detection systems: effectiveness and countermeasures

Vasilomanolakis, Emmanouil and Stahn, Michael and Cordero, Carlos Garcia and Mühlhäuser, Max (2015):
Probe-response attacks on collaborative intrusion detection systems: effectiveness and countermeasures.
In: IEEE Conference on Communications and Network Security (CNS), IEEE, Florence, Italy, ISBN 978-1-4673-7876-5,
DOI: 10.1109/CNS.2015.7346892, [Conference or Workshop Item]

Abstract

Over the last years the number of cyber-attacks has been constantly increasing. Since isolated Intrusion Detection Systems (IDSs) cannot cope with the number and sophistication of attacks, collaboration among the defenders is required. Collaborative IDSs (CIDSs) work by exchanging alert traffic to construct a holistic view of the monitored network. However, an adversary can utilize probe-response attacks to successfully detect CIDS's monitoring sensors. We discuss the practicability of such attacks, suggest improvements, and also propose novel techniques to reduce the effects of such attacks. Moreover, we present preliminary results in the applicability of the attacks and hints on performing such attacks in a well known CIDS.

Item Type: Conference or Workshop Item
Published: 2015
Creators: Vasilomanolakis, Emmanouil and Stahn, Michael and Cordero, Carlos Garcia and Mühlhäuser, Max
Title: Probe-response attacks on collaborative intrusion detection systems: effectiveness and countermeasures
Language: German
Title of Book: IEEE Conference on Communications and Network Security (CNS)
Publisher: IEEE
ISBN: 978-1-4673-7876-5
Uncontrolled Keywords: SSI - Area Secure Smart Infrastructures; Secure Services
Divisions: 20 Department of Computer Science
20 Department of Computer Science > Telecooperation
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
Event Location: Florence, Italy
Date Deposited: 31 Dec 2016 12:59
DOI: 10.1109/CNS.2015.7346892
Identification Number: TUD-CS-2015-1182