Tracing back attacks against encrypted protocols

Tarik Taleb*, Zubair Md Fadlullah, Kazuo Hashimoto, Yoshiaki Nemoto, Nei Kato

*この研究の対応する著者

研究成果: Conference contribution

4 被引用数 (Scopus)

抄録

Attacks against encrypted protocols have become increasingly popular and sophisticated. Such attacks are often undetectable by the traditional Intrusion Detection Systems (IDSs). Additionally, the encrypted attack-traffic makes tracing the source of the attack substantially more difficult. In this paper, we address these issues and devise a mechanism to trace back attackers against encrypted protocols. In our efforts to combat attacks against cryptographic protocols, we have integrated a traceback mechanism at the monitoring stubs (MSs), which were introduced in one of our previous works. While we previously focused on strategically placing monitoring stubs to detect attacks against encrypted protocols, in this work we aim at equipping MSs with a traceback feature. In our approach, when a given MS detects an attack, it starts tracing back to the root of the attack. The traceback mechanism relies on monitoring the extracted features at different MSs, i.e., in different points of the target network. At each MS, the monitored features over time provide a pattern which is compared or correlated with the monitored patterns at the neighboring MSs. A high correlation value in the patterns observed by two adjacent MSs indicates that the attack traffic propagated through the network elements covered by these MSs. Based on these correlation values and a prior knowledge of the network topology, the system can then construct a path back to the attacking hosts. The effectiveness of the proposed traceback scheme is verified by simulations.

本文言語English
ホスト出版物のタイトルIWCMC 2007
ホスト出版物のサブタイトルProceedings of the 2007 International Wireless Communications and Mobile Computing Conference
ページ121-126
ページ数6
DOI
出版ステータスPublished - 2007 12 14
外部発表はい
イベントIWCMC 2007: 2007 International Wireless Communications and Mobile Computing Conference - Honolulu, HI, United States
継続期間: 2007 8 122007 8 16

出版物シリーズ

名前IWCMC 2007: Proceedings of the 2007 International Wireless Communications and Mobile Computing Conference

Conference

ConferenceIWCMC 2007: 2007 International Wireless Communications and Mobile Computing Conference
国/地域United States
CityHonolulu, HI
Period07/8/1207/8/16

ASJC Scopus subject areas

  • コンピュータ ネットワークおよび通信
  • ソフトウェア
  • 電子工学および電気工学

フィンガープリント

「Tracing back attacks against encrypted protocols」の研究トピックを掘り下げます。これらがまとまってユニークなフィンガープリントを構成します。

引用スタイル