On probe-response attacks in Collaborative Intrusion Detection Systems

Emmanouil Vasilomanolakis; Michael Stahn; Carlos Garcia Cordero; Max Muhlhauser

doi:10.1109/CNS.2016.7860495

On probe-response attacks in Collaborative Intrusion Detection Systems

Emmanouil Vasilomanolakis, Michael Stahn, Carlos Garcia Cordero, Max Muhlhauser

Research output: Contribution to book/anthology/report/conference proceeding › Article in proceeding › Research › peer-review

6 Citations (Scopus)

Abstract

Cyber-attacks are steadily increasing in both their size and sophistication. To cope with this, Intrusion Detection Systems (IDSs) are considered mandatory for the protection of critical infrastructure. Furthermore, research is currently focusing on collaborative architectures for IDSs, creating a Collaborative IDS (CIDS). In such a system a number of IDS monitors work together towards creating a holistic picture of the monitored network. Nevertheless, a class of attacks exists, called probe-response, which can assist adversaries to detect the network position of CIDS monitors. This can significantly affect the advantages of a CIDS. In this paper, we introduce PREPARE, a framework for deploying probe-response attacks and also for studying methods for their mitigation. Moreover, we present significant improvements on both the effectiveness of probe-response attacks as well as on mitigation techniques for detecting them. We evaluate our approach via an extensive simulation and a real-world attack deployment that targets two CIDSs. Our results show that our framework can be practically utilized, that our proposals significantly improve probe-response attacks and, lastly, that the introduced detection and mitigation techniques are effective.

Original language	English
Title of host publication	2016 IEEE Conference on Communications and Network Security, CNS 2016
Number of pages	8
Publisher	IEEE
Publication date	21 Feb 2017
Pages	279-286
Article number	7860495
ISBN (Electronic)	9781509030651
DOIs	https://doi.org/10.1109/CNS.2016.7860495
Publication status	Published - 21 Feb 2017
Externally published	Yes
Event	2016 IEEE Conference on Communications and Network Security, CNS 2016 - Philadelphia, United States Duration: 17 Oct 2016 → 19 Oct 2016

Conference

Conference	2016 IEEE Conference on Communications and Network Security, CNS 2016
Country/Territory	United States
City	Philadelphia
Period	17/10/2016 → 19/10/2016

Series	2016 IEEE Conference on Communications and Network Security, CNS 2016

Bibliographical note

Publisher Copyright:
© 2016 IEEE.

Access to Document

10.1109/CNS.2016.7860495

AUB Link

Search for the material in Aalborg University Library's search engine

Cite this

@inproceedings{b85956549128433f9454d85a46d5858d,

title = "On probe-response attacks in Collaborative Intrusion Detection Systems",

abstract = "Cyber-attacks are steadily increasing in both their size and sophistication. To cope with this, Intrusion Detection Systems (IDSs) are considered mandatory for the protection of critical infrastructure. Furthermore, research is currently focusing on collaborative architectures for IDSs, creating a Collaborative IDS (CIDS). In such a system a number of IDS monitors work together towards creating a holistic picture of the monitored network. Nevertheless, a class of attacks exists, called probe-response, which can assist adversaries to detect the network position of CIDS monitors. This can significantly affect the advantages of a CIDS. In this paper, we introduce PREPARE, a framework for deploying probe-response attacks and also for studying methods for their mitigation. Moreover, we present significant improvements on both the effectiveness of probe-response attacks as well as on mitigation techniques for detecting them. We evaluate our approach via an extensive simulation and a real-world attack deployment that targets two CIDSs. Our results show that our framework can be practically utilized, that our proposals significantly improve probe-response attacks and, lastly, that the introduced detection and mitigation techniques are effective.",

author = "Emmanouil Vasilomanolakis and Michael Stahn and Cordero, {Carlos Garcia} and Max Muhlhauser",

note = "Publisher Copyright: {\textcopyright} 2016 IEEE.; 2016 IEEE Conference on Communications and Network Security, CNS 2016 ; Conference date: 17-10-2016 Through 19-10-2016",

year = "2017",

month = feb,

day = "21",

doi = "10.1109/CNS.2016.7860495",

language = "English",

series = "2016 IEEE Conference on Communications and Network Security, CNS 2016",

pages = "279--286",

booktitle = "2016 IEEE Conference on Communications and Network Security, CNS 2016",

publisher = "IEEE",

address = "United States",

}

Vasilomanolakis, E, Stahn, M, Cordero, CG & Muhlhauser, M 2017, On probe-response attacks in Collaborative Intrusion Detection Systems. in 2016 IEEE Conference on Communications and Network Security, CNS 2016., 7860495, IEEE, 2016 IEEE Conference on Communications and Network Security, CNS 2016, pp. 279-286, 2016 IEEE Conference on Communications and Network Security, CNS 2016, Philadelphia, United States, 17/10/2016. https://doi.org/10.1109/CNS.2016.7860495

On probe-response attacks in Collaborative Intrusion Detection Systems. / Vasilomanolakis, Emmanouil; Stahn, Michael; Cordero, Carlos Garcia et al.
2016 IEEE Conference on Communications and Network Security, CNS 2016. IEEE, 2017. p. 279-286 7860495 (2016 IEEE Conference on Communications and Network Security, CNS 2016).

Research output: Contribution to book/anthology/report/conference proceeding › Article in proceeding › Research › peer-review

TY - GEN

T1 - On probe-response attacks in Collaborative Intrusion Detection Systems

AU - Vasilomanolakis, Emmanouil

AU - Stahn, Michael

AU - Cordero, Carlos Garcia

AU - Muhlhauser, Max

PY - 2017/2/21

Y1 - 2017/2/21

N2 - Cyber-attacks are steadily increasing in both their size and sophistication. To cope with this, Intrusion Detection Systems (IDSs) are considered mandatory for the protection of critical infrastructure. Furthermore, research is currently focusing on collaborative architectures for IDSs, creating a Collaborative IDS (CIDS). In such a system a number of IDS monitors work together towards creating a holistic picture of the monitored network. Nevertheless, a class of attacks exists, called probe-response, which can assist adversaries to detect the network position of CIDS monitors. This can significantly affect the advantages of a CIDS. In this paper, we introduce PREPARE, a framework for deploying probe-response attacks and also for studying methods for their mitigation. Moreover, we present significant improvements on both the effectiveness of probe-response attacks as well as on mitigation techniques for detecting them. We evaluate our approach via an extensive simulation and a real-world attack deployment that targets two CIDSs. Our results show that our framework can be practically utilized, that our proposals significantly improve probe-response attacks and, lastly, that the introduced detection and mitigation techniques are effective.

AB - Cyber-attacks are steadily increasing in both their size and sophistication. To cope with this, Intrusion Detection Systems (IDSs) are considered mandatory for the protection of critical infrastructure. Furthermore, research is currently focusing on collaborative architectures for IDSs, creating a Collaborative IDS (CIDS). In such a system a number of IDS monitors work together towards creating a holistic picture of the monitored network. Nevertheless, a class of attacks exists, called probe-response, which can assist adversaries to detect the network position of CIDS monitors. This can significantly affect the advantages of a CIDS. In this paper, we introduce PREPARE, a framework for deploying probe-response attacks and also for studying methods for their mitigation. Moreover, we present significant improvements on both the effectiveness of probe-response attacks as well as on mitigation techniques for detecting them. We evaluate our approach via an extensive simulation and a real-world attack deployment that targets two CIDSs. Our results show that our framework can be practically utilized, that our proposals significantly improve probe-response attacks and, lastly, that the introduced detection and mitigation techniques are effective.

UR - http://www.scopus.com/inward/record.url?scp=85016034724&partnerID=8YFLogxK

U2 - 10.1109/CNS.2016.7860495

DO - 10.1109/CNS.2016.7860495

M3 - Article in proceeding

AN - SCOPUS:85016034724

T3 - 2016 IEEE Conference on Communications and Network Security, CNS 2016

SP - 279

EP - 286

BT - 2016 IEEE Conference on Communications and Network Security, CNS 2016

PB - IEEE

T2 - 2016 IEEE Conference on Communications and Network Security, CNS 2016

Y2 - 17 October 2016 through 19 October 2016

ER -

On probe-response attacks in Collaborative Intrusion Detection Systems

Abstract

Conference

Bibliographical note

Access to Document

AUB Link

Other files and links

Fingerprint

Cite this