Abstract
With the increase in the sophistication of cyberattacks, collaborative defensive approaches such as Collaborative IDSs (CIDSs) have emerged. CIDSs utilize a multitude of heterogeneous monitors to create a holistic picture of the monitored network. Nowadays, a number of research institutes and companies deploy CIDSs that publish their alert data publicly, over the Internet. Such systems are important for researchers and security administrators as they provide a source of real-world alert data for experimentation. However, a class of attacks exists, called Probe-Response Attacks (PRAs), which can significantly reduce the benefits of a CIDS. In particular, such attacks allow an adversary to detect the network location of the monitors of a CIDS. In this paper, we first study the related work and analyze the various mitigation techniques for defending against PRAs. Subsequently, we propose a novel mitigation mechanism that improves the state of the art. Our method, namely the Shuffle-based PRA Mitigation (SPM), is based on the idea of shuffling the watermarks, so-called markers, which the adversary requires to successfully perform a PRA. By doing so, the whole process of the attack is disrupted, leading to a very small number of identified monitors. Our experimental results suggest that our proposed method significantly reduces the impact of a PRA whilst it does not introduce a trade-off for the usability of the data produced by the CIDS.
Original language | English |
---|---|
Title | Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management |
Editors | Prosper Chemouil, Paulo Simoes, Edmundo Madeira, Stefano Secci, Edmundo Monteiro, Luciano Paschoal Gaspary, Carlos Raniery P. dos Santos, Marinos Charalambides |
Number of pages | 6 |
Publisher | IEEE |
Publication date | 20 Jul 2017 |
Pages | 1046-1051 |
Article number | 7987436 |
ISBN (Electronic) | 9783901882890 |
DOI | |
Status | Published - 20 Jul 2017 |
Published externally | Yes |
Event | 15th IFIP/IEEE International Symposium on Integrated Network and Service Management, IM 2017 - Lisbon, Portugal Duration: 8 May 2017 → 12 May 2017 |
Conference
Conference | 15th IFIP/IEEE International Symposium on Integrated Network and Service Management, IM 2017 |
---|---|
Country/Territory | Portugal |
City | Lisbon |
Period | 08/05/2017 → 12/05/2017 |
Sponsor | IEEE Communications Society, IFIP Working Group 6.6 |
Name | Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management |
---|
Bibliographical note
Publisher Copyright: © 2017 IFIP.