Defending against Probe-Response Attacks

Emmanouil Vasilomanolakis; Noorulla Sharief; Max Mühlhäuser

doi:10.23919/INM.2017.7987436

Defending against Probe-Response Attacks

Emmanouil Vasilomanolakis, Noorulla Sharief, Max Mühlhäuser

Publikation: Bidrag til bog/antologi/rapport/konference proceeding › Konferenceartikel i proceeding › Forskning › peer review

1 Citationer (Scopus)

Abstract

With the increase in the sophistication of cyberattacks, collaborative defensive approaches such as Collaborative IDSs (CIDSs) have emerged. CIDSs utilize a multitude of heterogeneous monitors to create a holistic picture of the monitored network. Nowadays, a number of research institutes and companies deploy CIDSs that publish their alert data publicly, over the Internet. Such systems are important for researchers and security administrators as they provide a source of real-world alert data for experimentation. However, a class of attacks exist, called Probe-Response Attacks (PRAs), which can significantly reduce the benefits of a CIDS. In particular, such attacks allow an adversary to detect the network location of the monitors of a CIDS. In this paper, we first study the related work and analyze the various mitigation techniques for defending against PRAs. Subsequently, we propose a novel mitigation mechanism that improves the state of the art. Our method, namely the Shuffle-based PRA Mitigation (SPM), is based on the idea of shuffling the watermarks, so-called markers, which the adversary requires to successfully perform a PRA. By doing so the whole process of the attack is disrupted leading to a very small number of identified monitors. Our experimental results suggest that our proposed method significantly reduces the impact of a PRA whilst it does not introduce a trade-off for the usability of the data produced by the CIDS.

Originalsprog	Engelsk
Titel	Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management
Redaktører	Prosper Chemouil, Paulo Simoes, Edmundo Madeira, Stefano Secci, Edmundo Monteiro, Luciano Paschoal Gaspary, Carlos Raniery P. dos Santos, Marinos Charalambides
Antal sider	6
Forlag	IEEE
Publikationsdato	20 jul. 2017
Sider	1046-1051
Artikelnummer	7987436
ISBN (Elektronisk)	9783901882890
DOI	https://doi.org/10.23919/INM.2017.7987436
Status	Udgivet - 20 jul. 2017
Udgivet eksternt	Ja
Begivenhed	15th IFIP/IEEE International Symposium on Integrated Network and Service Management, IM 2017 - Lisbon, Portugal Varighed: 8 maj 2017 → 12 maj 2017

Konference

Konference	15th IFIP/IEEE International Symposium on Integrated Network and Service Management, IM 2017
Land/Område	Portugal
By	Lisbon
Periode	08/05/2017 → 12/05/2017
Sponsor	IEEE Communications Society, IFIP Working Group 6.6

Navn	Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management

Bibliografisk note

Publisher Copyright:
© 2017 IFIP.

Adgang til dokumentet

10.23919/INM.2017.7987436

AUB Link

Søg efter materialet i Aalborg Universitetsbiblioteks søgemaskine

Andre filer og links

Link to publication in Scopus

Citationsformater

Vasilomanolakis, E., Sharief, N., & Mühlhäuser, M. (2017). Defending against Probe-Response Attacks. I P. Chemouil, P. Simoes, E. Madeira, S. Secci, E. Monteiro, L. P. Gaspary, C. R. P. dos Santos, & M. Charalambides (red.), Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management (s. 1046-1051). Artikel 7987436 IEEE. https://doi.org/10.23919/INM.2017.7987436

Vasilomanolakis, Emmanouil ; Sharief, Noorulla ; Mühlhäuser, Max. / Defending against Probe-Response Attacks. Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management. red. / Prosper Chemouil ; Paulo Simoes ; Edmundo Madeira ; Stefano Secci ; Edmundo Monteiro ; Luciano Paschoal Gaspary ; Carlos Raniery P. dos Santos ; Marinos Charalambides. IEEE, 2017. s. 1046-1051 (Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management).

@inproceedings{35f8adcd123d46fd8f96b399af7ec62b,

title = "Defending against Probe-Response Attacks",

abstract = "With the increase in the sophistication of cyberattacks, collaborative defensive approaches such as Collaborative IDSs (CIDSs) have emerged. CIDSs utilize a multitude of heterogeneous monitors to create a holistic picture of the monitored network. Nowadays, a number of research institutes and companies deploy CIDSs that publish their alert data publicly, over the Internet. Such systems are important for researchers and security administrators as they provide a source of real-world alert data for experimentation. However, a class of attacks exist, called Probe-Response Attacks (PRAs), which can significantly reduce the benefits of a CIDS. In particular, such attacks allow an adversary to detect the network location of the monitors of a CIDS. In this paper, we first study the related work and analyze the various mitigation techniques for defending against PRAs. Subsequently, we propose a novel mitigation mechanism that improves the state of the art. Our method, namely the Shuffle-based PRA Mitigation (SPM), is based on the idea of shuffling the watermarks, so-called markers, which the adversary requires to successfully perform a PRA. By doing so the whole process of the attack is disrupted leading to a very small number of identified monitors. Our experimental results suggest that our proposed method significantly reduces the impact of a PRA whilst it does not introduce a trade-off for the usability of the data produced by the CIDS.",

author = "Emmanouil Vasilomanolakis and Noorulla Sharief and Max M{\"u}hlh{\"a}user",

note = "Funding Information: VII. ACKNOWLEDGMENTS The research leading to these results has received funding from the European Union{\textquoteright}s Horizon 2020 Research and Innovation Program, PROTECTIVE, under Grant Agreement No 700071. Publisher Copyright: {\textcopyright} 2017 IFIP.; 15th IFIP/IEEE International Symposium on Integrated Network and Service Management, IM 2017 ; Conference date: 08-05-2017 Through 12-05-2017",

year = "2017",

month = jul,

day = "20",

doi = "10.23919/INM.2017.7987436",

language = "English",

series = "Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management",

pages = "1046--1051",

editor = "Prosper Chemouil and Paulo Simoes and Edmundo Madeira and Stefano Secci and Edmundo Monteiro and Gaspary, {Luciano Paschoal} and {dos Santos}, {Carlos Raniery P.} and Marinos Charalambides",

booktitle = "Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management",

publisher = "IEEE",

address = "United States",

}

Vasilomanolakis, E, Sharief, N & Mühlhäuser, M 2017, Defending against Probe-Response Attacks. i P Chemouil, P Simoes, E Madeira, S Secci, E Monteiro, LP Gaspary, CRP dos Santos & M Charalambides (red), Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management., 7987436, IEEE, Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management, s. 1046-1051, 15th IFIP/IEEE International Symposium on Integrated Network and Service Management, IM 2017, Lisbon, Portugal, 08/05/2017. https://doi.org/10.23919/INM.2017.7987436

Defending against Probe-Response Attacks. / Vasilomanolakis, Emmanouil; Sharief, Noorulla; Mühlhäuser, Max.
Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management. red. / Prosper Chemouil; Paulo Simoes; Edmundo Madeira; Stefano Secci; Edmundo Monteiro; Luciano Paschoal Gaspary; Carlos Raniery P. dos Santos; Marinos Charalambides. IEEE, 2017. s. 1046-1051 7987436 (Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management).

Publikation: Bidrag til bog/antologi/rapport/konference proceeding › Konferenceartikel i proceeding › Forskning › peer review

TY - GEN

T1 - Defending against Probe-Response Attacks

AU - Vasilomanolakis, Emmanouil

AU - Sharief, Noorulla

AU - Mühlhäuser, Max

N1 - Funding Information: VII. ACKNOWLEDGMENTS The research leading to these results has received funding from the European Union’s Horizon 2020 Research and Innovation Program, PROTECTIVE, under Grant Agreement No 700071. Publisher Copyright: © 2017 IFIP.

PY - 2017/7/20

Y1 - 2017/7/20

N2 - With the increase in the sophistication of cyberattacks, collaborative defensive approaches such as Collaborative IDSs (CIDSs) have emerged. CIDSs utilize a multitude of heterogeneous monitors to create a holistic picture of the monitored network. Nowadays, a number of research institutes and companies deploy CIDSs that publish their alert data publicly, over the Internet. Such systems are important for researchers and security administrators as they provide a source of real-world alert data for experimentation. However, a class of attacks exist, called Probe-Response Attacks (PRAs), which can significantly reduce the benefits of a CIDS. In particular, such attacks allow an adversary to detect the network location of the monitors of a CIDS. In this paper, we first study the related work and analyze the various mitigation techniques for defending against PRAs. Subsequently, we propose a novel mitigation mechanism that improves the state of the art. Our method, namely the Shuffle-based PRA Mitigation (SPM), is based on the idea of shuffling the watermarks, so-called markers, which the adversary requires to successfully perform a PRA. By doing so the whole process of the attack is disrupted leading to a very small number of identified monitors. Our experimental results suggest that our proposed method significantly reduces the impact of a PRA whilst it does not introduce a trade-off for the usability of the data produced by the CIDS.

AB - With the increase in the sophistication of cyberattacks, collaborative defensive approaches such as Collaborative IDSs (CIDSs) have emerged. CIDSs utilize a multitude of heterogeneous monitors to create a holistic picture of the monitored network. Nowadays, a number of research institutes and companies deploy CIDSs that publish their alert data publicly, over the Internet. Such systems are important for researchers and security administrators as they provide a source of real-world alert data for experimentation. However, a class of attacks exist, called Probe-Response Attacks (PRAs), which can significantly reduce the benefits of a CIDS. In particular, such attacks allow an adversary to detect the network location of the monitors of a CIDS. In this paper, we first study the related work and analyze the various mitigation techniques for defending against PRAs. Subsequently, we propose a novel mitigation mechanism that improves the state of the art. Our method, namely the Shuffle-based PRA Mitigation (SPM), is based on the idea of shuffling the watermarks, so-called markers, which the adversary requires to successfully perform a PRA. By doing so the whole process of the attack is disrupted leading to a very small number of identified monitors. Our experimental results suggest that our proposed method significantly reduces the impact of a PRA whilst it does not introduce a trade-off for the usability of the data produced by the CIDS.

UR - http://www.scopus.com/inward/record.url?scp=85029409234&partnerID=8YFLogxK

U2 - 10.23919/INM.2017.7987436

DO - 10.23919/INM.2017.7987436

M3 - Article in proceeding

AN - SCOPUS:85029409234

T3 - Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management

SP - 1046

EP - 1051

BT - Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management

A2 - Chemouil, Prosper

A2 - Simoes, Paulo

A2 - Madeira, Edmundo

A2 - Secci, Stefano

A2 - Monteiro, Edmundo

A2 - Gaspary, Luciano Paschoal

A2 - dos Santos, Carlos Raniery P.

A2 - Charalambides, Marinos

PB - IEEE

T2 - 15th IFIP/IEEE International Symposium on Integrated Network and Service Management, IM 2017

Y2 - 8 May 2017 through 12 May 2017

ER -

Vasilomanolakis E, Sharief N, Mühlhäuser M. Defending against Probe-Response Attacks. I Chemouil P, Simoes P, Madeira E, Secci S, Monteiro E, Gaspary LP, dos Santos CRP, Charalambides M, red., Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management. IEEE. 2017. s. 1046-1051. 7987436. (Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management). doi: 10.23919/INM.2017.7987436

Defending against Probe-Response Attacks

Abstract

Konference

Bibliografisk note

Adgang til dokumentet

AUB Link

Andre filer og links

Fingeraftryk

Citationsformater