Vasilomanolakis, Emmanouil and Sharief, Noorulla and Mühlhäuser, Max (2017):
Defending Against Probe-Response Attacks.
In: IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT), pp. 1046 - 1051,
IEEE, Lisbon, Portugal, ISBN 978-3-901882-89-0,
DOI: 10.23919/INM.2017.7987436,
[Conference or Workshop Item]
Abstract
With the increase in the sophistication of cyber-attacks, collaborative defensive approaches such as Collaborative IDSs (CIDSs) have emerged. CIDSs utilize a multitude of heterogeneous monitors to create a holistic picture of the monitored network. Nowadays, a number of research institutes and companies deploy CIDSs that publish their alert data publicly, over the Internet. Such systems are important for researchers and security administrators as they provide a source of real-world alert data for experimentation. However, a class of attacks exists, called Probe-Response Attacks (PRAs), which can significantly reduce the benefits of a CIDS. In particular, such attacks allow an adversary to detect the network location of the monitors of a CIDS. In this paper, we first study the related work and analyze the various mitigation techniques for defending against PRAs. Subsequently, we propose a novel mitigation mechanism that improves the state of the art. Our method, namely the Shuffle-based PRA Mitigation (SPM), is based on the idea of shuffling the watermarks, so-called markers, which the adversary requires to successfully perform a PRA. By doing so, the whole process of the attack is disrupted, leading to a very small number of identified monitors. Our experimental results suggest that our proposed method significantly reduces the impact of a PRA whilst it does not introduce a trade-off for the usability of the data produced by the CIDS.
Item Type: | Conference or Workshop Item |
---|---|
Published: | 2017 |
Creators: | Vasilomanolakis, Emmanouil and Sharief, Noorulla and Mühlhäuser, Max |
Title: | Defending Against Probe-Response Attacks |
Language: | English |
Title of Book: | IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT) |
Publisher: | IEEE |
ISBN: | 978-3-901882-89-0 |
Uncontrolled Keywords: | SPIN: Smart Protection in Infrastructures and Networks |
Divisions: | 20 Department of Computer Science > Telecooperation; 20 Department of Computer Science |
Event Location: | Lisbon, Portugal |
Date Deposited: | 20 Feb 2017 11:20 |
DOI: | 10.23919/INM.2017.7987436 |
Identification Number: | TUD-CS-2017-0037 |