TU Darmstadt / ULB / TUbiblio

Defending Against Probe-Response Attacks

Vasilomanolakis, Emmanouil ; Sharief, Noorulla ; Mühlhäuser, Max (2017)
Defending Against Probe-Response Attacks.
Lisbon, Portugal
doi: 10.23919/INM.2017.7987436
Konferenzveröffentlichung, Bibliographie

Kurzbeschreibung (Abstract)

With the increase in the sophistication of cyber-attacks, collaborative defensive approaches such as Collaborative IDSs (CIDSs) have emerged. CIDSs utilize a multitude of heterogeneous monitors to create a holistic picture of the monitored network. Nowadays, a number of research institutes and companies deploy CIDSs that publish their alert data publicly, over the Internet. Such systems are important for researchers and security administrators as they provide a source of real-world alert data for experimentation. However, a class of attacks exist, called Probe-Response Attacks (PRAs), which can significantly reduce the benefits of a CIDS. In particular, such attacks allow an adversary to detect the network location of the monitors of a CIDS.In this paper, we first study the related work and analyze the various mitigation techniques for defending against PRAs.Subsequently, we propose a novel mitigation mechanism that improves the state of the art. Our method, namely the Shuffle-based PRA Mitigation (SPM), is based on the idea of shuffling the watermarks, so-called markers, which the adversary requires to successfully perform a PRA. By doing so the whole process of the attack is disrupted leading to a very small number of identified monitors. Our experimental results suggest that our proposed method significantly reduces the impact of a PRA whilst it does not introduce a trade-off for the usability of the data produced by the CIDS.

Typ des Eintrags: Konferenzveröffentlichung
Erschienen: 2017
Autor(en): Vasilomanolakis, Emmanouil ; Sharief, Noorulla ; Mühlhäuser, Max
Art des Eintrags: Bibliographie
Titel: Defending Against Probe-Response Attacks
Sprache: Englisch
Publikationsjahr: Mai 2017
Verlag: IEEE
Buchtitel: IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT)
Veranstaltungsort: Lisbon, Portugal
DOI: 10.23919/INM.2017.7987436
Zugehörige Links:
Kurzbeschreibung (Abstract):

With the increase in the sophistication of cyber-attacks, collaborative defensive approaches such as Collaborative IDSs (CIDSs) have emerged. CIDSs utilize a multitude of heterogeneous monitors to create a holistic picture of the monitored network. Nowadays, a number of research institutes and companies deploy CIDSs that publish their alert data publicly, over the Internet. Such systems are important for researchers and security administrators as they provide a source of real-world alert data for experimentation. However, a class of attacks exist, called Probe-Response Attacks (PRAs), which can significantly reduce the benefits of a CIDS. In particular, such attacks allow an adversary to detect the network location of the monitors of a CIDS.In this paper, we first study the related work and analyze the various mitigation techniques for defending against PRAs.Subsequently, we propose a novel mitigation mechanism that improves the state of the art. Our method, namely the Shuffle-based PRA Mitigation (SPM), is based on the idea of shuffling the watermarks, so-called markers, which the adversary requires to successfully perform a PRA. By doing so the whole process of the attack is disrupted leading to a very small number of identified monitors. Our experimental results suggest that our proposed method significantly reduces the impact of a PRA whilst it does not introduce a trade-off for the usability of the data produced by the CIDS.
Freie Schlagworte: SPIN: Smart Protection in Infrastructures and Networks
ID-Nummer: TUD-CS-2017-0037
Fachbereich(e)/-gebiet(e): 20 Fachbereich Informatik
20 Fachbereich Informatik > Telekooperation
Hinterlegungsdatum: 20 Feb 2017 11:20
Letzte Änderung: 14 Jun 2021 06:14
PPN:
Zugehörige Links:
Export:
Suche nach Titel in: TUfind oder in Google
Frage zum Eintrag Frage zum Eintrag

Optionen (nur für Redakteure)
Redaktionelle Details anzeigen Redaktionelle Details anzeigen
OAI 2.0-Basis-URL: https://tubiblio.ulb.tu-darmstadt.de/cgi/oai2 TUbiblio verwendet EPrints 3.
Drucken | Impressum | Datenschutzerklärung