Tracing back attacks against encrypted protocols

Tarik Taleb, Zubair Md Fadlullah, Kazuo Hashimoto, Yoshiaki Nemoto, Nei Kato

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Citations (Scopus)

Abstract

Attacks against encrypted protocols have become increasingly popular and sophisticated. Such attacks are often undetectable by the traditional Intrusion Detection Systems (IDSs). Additionally, the encrypted attack-traffic makes tracing the source of the attack substantially more difficult. In this paper, we address these issues and devise a mechanism to trace back attackers against encrypted protocols. In our efforts to combat attacks against cryptographic protocols, we have integrated a traceback mechanism at the monitoring stubs (MSs), which were introduced in one of our previous works. While we previously focused on strategically placing monitoring stubs to detect attacks against encrypted protocols, in this work we aim at equipping MSs with a traceback feature. In our approach, when a given MS detects an attack, it starts tracing back to the root of the attack. The traceback mechanism relies on monitoring the extracted features at different MSs, i.e., in different points of the target network. At each MS, the monitored features over time provide a pattern which is compared or correlated with the monitored patterns at the neighboring MSs. A high correlation value in the patterns observed by two adjacent MSs indicates that the attack traffic propagated through the network elements covered by these MSs. Based on these correlation values and a prior knowledge of the network topology, the system can then construct a path back to the attacking hosts. The effectiveness of the proposed traceback scheme is verified by simulations.

Original languageEnglish
Title of host publicationIWCMC 2007: Proceedings of the 2007 International Wireless Communications and Mobile Computing Conference
Pages121-126
Number of pages6
DOIs
Publication statusPublished - 2007
Externally publishedYes
EventIWCMC 2007: 2007 International Wireless Communications and Mobile Computing Conference - Honolulu, HI
Duration: 2007 Aug 122007 Aug 16

Other

OtherIWCMC 2007: 2007 International Wireless Communications and Mobile Computing Conference
CityHonolulu, HI
Period07/8/1207/8/16

Fingerprint

Monitoring
Intrusion detection
Topology

Keywords

  • Encryption
  • Intrusion detection system (IDS)
  • Traceback

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Software
  • Electrical and Electronic Engineering

Cite this

Taleb, T., Fadlullah, Z. M., Hashimoto, K., Nemoto, Y., & Kato, N. (2007). Tracing back attacks against encrypted protocols. In IWCMC 2007: Proceedings of the 2007 International Wireless Communications and Mobile Computing Conference (pp. 121-126) https://doi.org/10.1145/1280940.1280966

Tracing back attacks against encrypted protocols. / Taleb, Tarik; Fadlullah, Zubair Md; Hashimoto, Kazuo; Nemoto, Yoshiaki; Kato, Nei.

IWCMC 2007: Proceedings of the 2007 International Wireless Communications and Mobile Computing Conference. 2007. p. 121-126.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Taleb, T, Fadlullah, ZM, Hashimoto, K, Nemoto, Y & Kato, N 2007, Tracing back attacks against encrypted protocols. in IWCMC 2007: Proceedings of the 2007 International Wireless Communications and Mobile Computing Conference. pp. 121-126, IWCMC 2007: 2007 International Wireless Communications and Mobile Computing Conference, Honolulu, HI, 07/8/12. https://doi.org/10.1145/1280940.1280966
Taleb T, Fadlullah ZM, Hashimoto K, Nemoto Y, Kato N. Tracing back attacks against encrypted protocols. In IWCMC 2007: Proceedings of the 2007 International Wireless Communications and Mobile Computing Conference. 2007. p. 121-126 https://doi.org/10.1145/1280940.1280966
Taleb, Tarik ; Fadlullah, Zubair Md ; Hashimoto, Kazuo ; Nemoto, Yoshiaki ; Kato, Nei. / Tracing back attacks against encrypted protocols. IWCMC 2007: Proceedings of the 2007 International Wireless Communications and Mobile Computing Conference. 2007. pp. 121-126
@inproceedings{94a52b9fade74f05bac43cebe9214ac8,
title = "Tracing back attacks against encrypted protocols",
abstract = "Attacks against encrypted protocols have become increasingly popular and sophisticated. Such attacks are often undetectable by the traditional Intrusion Detection Systems (IDSs). Additionally, the encrypted attack-traffic makes tracing the source of the attack substantially more difficult. In this paper, we address these issues and devise a mechanism to trace back attackers against encrypted protocols. In our efforts to combat attacks against cryptographic protocols, we have integrated a traceback mechanism at the monitoring stubs (MSs), which were introduced in one of our previous works. While we previously focused on strategically placing monitoring stubs to detect attacks against encrypted protocols, in this work we aim at equipping MSs with a traceback feature. In our approach, when a given MS detects an attack, it starts tracing back to the root of the attack. The traceback mechanism relies on monitoring the extracted features at different MSs, i.e., in different points of the target network. At each MS, the monitored features over time provide a pattern which is compared or correlated with the monitored patterns at the neighboring MSs. A high correlation value in the patterns observed by two adjacent MSs indicates that the attack traffic propagated through the network elements covered by these MSs. Based on these correlation values and a prior knowledge of the network topology, the system can then construct a path back to the attacking hosts. The effectiveness of the proposed traceback scheme is verified by simulations.",
keywords = "Encryption, Intrusion detection system (IDS), Traceback",
author = "Tarik Taleb and Fadlullah, {Zubair Md} and Kazuo Hashimoto and Yoshiaki Nemoto and Nei Kato",
year = "2007",
doi = "10.1145/1280940.1280966",
language = "English",
isbn = "1595936955",
pages = "121--126",
booktitle = "IWCMC 2007: Proceedings of the 2007 International Wireless Communications and Mobile Computing Conference",

}

TY - GEN

T1 - Tracing back attacks against encrypted protocols

AU - Taleb, Tarik

AU - Fadlullah, Zubair Md

AU - Hashimoto, Kazuo

AU - Nemoto, Yoshiaki

AU - Kato, Nei

PY - 2007

Y1 - 2007

N2 - Attacks against encrypted protocols have become increasingly popular and sophisticated. Such attacks are often undetectable by the traditional Intrusion Detection Systems (IDSs). Additionally, the encrypted attack-traffic makes tracing the source of the attack substantially more difficult. In this paper, we address these issues and devise a mechanism to trace back attackers against encrypted protocols. In our efforts to combat attacks against cryptographic protocols, we have integrated a traceback mechanism at the monitoring stubs (MSs), which were introduced in one of our previous works. While we previously focused on strategically placing monitoring stubs to detect attacks against encrypted protocols, in this work we aim at equipping MSs with a traceback feature. In our approach, when a given MS detects an attack, it starts tracing back to the root of the attack. The traceback mechanism relies on monitoring the extracted features at different MSs, i.e., in different points of the target network. At each MS, the monitored features over time provide a pattern which is compared or correlated with the monitored patterns at the neighboring MSs. A high correlation value in the patterns observed by two adjacent MSs indicates that the attack traffic propagated through the network elements covered by these MSs. Based on these correlation values and a prior knowledge of the network topology, the system can then construct a path back to the attacking hosts. The effectiveness of the proposed traceback scheme is verified by simulations.

AB - Attacks against encrypted protocols have become increasingly popular and sophisticated. Such attacks are often undetectable by the traditional Intrusion Detection Systems (IDSs). Additionally, the encrypted attack-traffic makes tracing the source of the attack substantially more difficult. In this paper, we address these issues and devise a mechanism to trace back attackers against encrypted protocols. In our efforts to combat attacks against cryptographic protocols, we have integrated a traceback mechanism at the monitoring stubs (MSs), which were introduced in one of our previous works. While we previously focused on strategically placing monitoring stubs to detect attacks against encrypted protocols, in this work we aim at equipping MSs with a traceback feature. In our approach, when a given MS detects an attack, it starts tracing back to the root of the attack. The traceback mechanism relies on monitoring the extracted features at different MSs, i.e., in different points of the target network. At each MS, the monitored features over time provide a pattern which is compared or correlated with the monitored patterns at the neighboring MSs. A high correlation value in the patterns observed by two adjacent MSs indicates that the attack traffic propagated through the network elements covered by these MSs. Based on these correlation values and a prior knowledge of the network topology, the system can then construct a path back to the attacking hosts. The effectiveness of the proposed traceback scheme is verified by simulations.

KW - Encryption

KW - Intrusion detection system (IDS)

KW - Traceback

UR - http://www.scopus.com/inward/record.url?scp=36849007415&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=36849007415&partnerID=8YFLogxK

U2 - 10.1145/1280940.1280966

DO - 10.1145/1280940.1280966

M3 - Conference contribution

SN - 1595936955

SN - 9781595936950

SP - 121

EP - 126

BT - IWCMC 2007: Proceedings of the 2007 International Wireless Communications and Mobile Computing Conference

ER -