Vasilomanolakis, Emmanouil ; Sharief, Noorulla ; Mühlhäuser, Max (2017)
Defending Against Probe-Response Attacks.
Lisbon, Portugal
doi: 10.23919/INM.2017.7987436
Conference publication, Bibliography
Abstract
With the increase in the sophistication of cyber-attacks, collaborative defensive approaches such as Collaborative IDSs (CIDSs) have emerged. CIDSs utilize a multitude of heterogeneous monitors to create a holistic picture of the monitored network. Nowadays, a number of research institutes and companies deploy CIDSs that publish their alert data publicly, over the Internet. Such systems are important for researchers and security administrators as they provide a source of real-world alert data for experimentation. However, a class of attacks exists, called Probe-Response Attacks (PRAs), which can significantly reduce the benefits of a CIDS. In particular, such attacks allow an adversary to detect the network location of the monitors of a CIDS. In this paper, we first study the related work and analyze the various mitigation techniques for defending against PRAs. Subsequently, we propose a novel mitigation mechanism that improves the state of the art. Our method, namely the Shuffle-based PRA Mitigation (SPM), is based on the idea of shuffling the watermarks, so-called markers, which the adversary requires to successfully perform a PRA. By doing so, the whole process of the attack is disrupted, leading to a very small number of identified monitors. Our experimental results suggest that our proposed method significantly reduces the impact of a PRA whilst it does not introduce a trade-off for the usability of the data produced by the CIDS.
Item type: | Conference publication |
---|---|
Published: | 2017 |
Author(s): | Vasilomanolakis, Emmanouil ; Sharief, Noorulla ; Mühlhäuser, Max |
Type of entry: | Bibliography |
Title: | Defending Against Probe-Response Attacks |
Language: | English |
Year of publication: | May 2017 |
Publisher: | IEEE |
Book title: | IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT) |
Event location: | Lisbon, Portugal |
DOI: | 10.23919/INM.2017.7987436 |
Uncontrolled keywords: | SPIN: Smart Protection in Infrastructures and Networks |
ID number: | TUD-CS-2017-0037 |
Division(s): | 20 Department of Computer Science; 20 Department of Computer Science > Telecooperation |
Date deposited: | 20 Feb 2017 11:20 |
Last modified: | 14 Jun 2021 06:14 |