TU Darmstadt / ULB / TUbiblio

On Probe-Response Attacks in Collaborative Intrusion Detection Systems

Vasilomanolakis, Emmanouil ; Stahn, Michael ; Garcia Cordero, Carlos ; Mühlhäuser, Max (2016)
On Probe-Response Attacks in Collaborative Intrusion Detection Systems.
Philadelphia, USA
doi: 10.1109/CNS.2016.7860495
Conference publication, Bibliography

Abstract

Cyber-attacks are steadily increasing in both their size and sophistication. To cope with this, Intrusion Detection Systems (IDSs) are considered mandatory for the protection of critical infrastructure. Furthermore, research is currently focusing on collaborative architectures for IDSs, creating a Collaborative IDS (CIDS). In such a system a number of IDS monitors work together towards creating a holistic picture of the monitored network. Nevertheless, a class of attacks exists, called probe-response, which can assist adversaries to detect the network position of CIDS monitors. This can significantly affect the advantages of a CIDS. In this paper, we introduce PREPARE, a framework for deploying probe-response attacks and also for studying methods for their mitigation. Moreover, we present significant improvements on both the effectiveness of probe-response attacks as well as on mitigation techniques for detecting them. We evaluate our approach via an extensive simulation and a real-world attack deployment that targets two CIDSs. Our results show that our framework can be practically utilized, that our proposals significantly improve probe-response attacks and, lastly, that the introduced detection and mitigation techniques are effective.

Item type: Conference publication
Published: 2016
Author(s): Vasilomanolakis, Emmanouil ; Stahn, Michael ; Garcia Cordero, Carlos ; Mühlhäuser, Max
Type of entry: Bibliography
Title: On Probe-Response Attacks in Collaborative Intrusion Detection Systems
Language: English
Year of publication: October 2016
Publisher: IEEE
Book title: IEEE Conference on Communications and Network Security
Event location: Philadelphia, USA
DOI: 10.1109/CNS.2016.7860495

Uncontrolled keywords: - SSI - Area Secure Smart Infrastructures; SPIN: Smart Protection in Infrastructures and Networks; Solutions; S1
ID number: TUD-CS-2016-0164
Division(s)/department(s): 20 Department of Computer Science
20 Department of Computer Science > Telecooperation
DFG Collaborative Research Centres (incl. Transregio)
DFG Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres
Profile Areas
Profile Areas > Cybersecurity (CYSEC)
LOEWE
LOEWE > LOEWE Centres
LOEWE > LOEWE Centres > CRISP - Center for Research in Security and Privacy
DFG Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > SFB 1119: CROSSING – Cryptography-based security solutions as a foundation for trust in current and future IT systems
Date deposited: 31 Dec 2016 12:59
Last modified: 14 Jun 2021 06:14