Abstract | ||
---|---|---|
With the increase in the sophistication of cyberattacks, collaborative defensive approaches such as Collaborative IDSs (CIDSs) have emerged. CIDSs utilize a multitude of heterogeneous monitors to create a holistic picture of the monitored network. Nowadays, a number of research institutes and companies deploy CIDSs that publish their alert data publicly, over the Internet. Such systems are important for researchers and security administrators as they provide a source of real-world alert data for experimentation. However, a class of attacks exist, called Probe-Response Attacks (PRAs), which can significantly reduce the benefits of a CIDS. In particular, such attacks allow an adversary to detect the network location of the monitors of a CIDS. In this paper, we first study the related work and analyze the various mitigation techniques for defending against PRAs. Subsequently, we propose a novel mitigation mechanism that improves the state of the art. Our method, namely the Shuffle-based PRA Mitigation (SPM), is based on the idea of shuffling the watermarks, so-called markers, which the adversary requires to successfully perform a PRA. By doing so the whole process of the attack is disrupted leading to a very small number of identified monitors. Our experimental results suggest that our proposed method significantly reduces the impact of a PRA whilst it does not introduce a trade-off for the usability of the data produced by the CIDS. |
Year | Venue | Field |
---|---|---|
2017 | IM | Publication,Computer science,Computer security,Usability,Computer network,Encryption,Shuffling,Adversary,Sophistication,The Internet |
DocType | Citations | PageRank |
Conference | 0 | 0.34 |
References | Authors | |
15 | 3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Emmanouil Vasilomanolakis | 1 | 109 | 15.20 |
Noorulla Sharief | 2 | 0 | 0.34 |
Max Mühlhäuser | 3 | 1652 | 252.87 |