National Journal of System and Information Technology

Open Access Open Access  Restricted Access Subscription Access
Open Access Open Access Open Access  Restricted Access Restricted Access Subscription Access

Optimization of Recent Attacks Using Internet Protocol


     

   Subscribe/Renew Journal


The Internet threat monitoring (ITM) systems have been deployed to detect widespread attacks on the Internet in recent years. However, the effectiveness of ITM systems critically depends on the confidentiality of the location of their monitors. If adversaries learn the monitor locations of an ITM system, they can bypass the monitors and focus on the uncovered IP address space without being detected. In this paper, we study a new class of attacks, the invisible LOCalization (iLOC) attack. The iLOC attack can accurately and invisibly localize monitors of ITM systems. In the iLOC attack, the attacker launches low-rate port-scan traffic, encoded with a selected pseudo noise code (PN-code), to targeted networks. While the secret PN-code is invisible to others, the attacker can accurately determine the existence of monitors in the targeted networks based on whether the PN-code is embedded in the report data queried from the data center of the ITM system. We formally analyze the impact of various parameters on attack effectiveness. We implement the iLOC attack and conduct the performance evaluation on a real-world ITM system to demonstrate the possibility of such attacks. We also conduct extensive simulations on the iLOC attack using real-world traces. Our data show that the iLOC attack can accurately identify monitors while being invisible to ITM systems. Finally, we present a set of guidelines to counteract the iLOC attack.

Keywords

Internet Threat Monitoring, Invisible Localization Attack, PN-code, Security, Attack Traffic, Traffic Rate
Subscription Login to verify subscription
User
Notifications
Font Size


  • Fariba Haddadi, Sara khanchi, Mehran Shetabi, and Vali Derhami (2010), ‘Intrusion Detection and Attack Classification Using Feed-Forward Neural Network’, Proceedings of 2nd International Conference on Computer and Network Technology, pp. 262-266.

  • Ferrante A, Piuri V, and Castanier F (2005), ‘A QoS enabled packet scheduling algorithm for IPSec multi accelerator based systems’, Proceedings of the 2nd International Conference on Computing frontiers, pp. 221-229.

  • Fineberg V (2002), ‘A practical architecture for implementing end-to-end QoS in an IP network’, IEEE Journal on Communication Magazine, Vol. 40, No. 1, pp. 122-130.

  • Francis P, Handley M, Karp R, and Shenker S (2002), ‘A scalable contentaddressable network’, IEEE Journal on Information Computing, pp. 1190- 1199.

  • Gao L (2001), ‘On inferring autonomous system relationships in the Internet’, IEEE Journal on Transactions of Networking, Vol. 9, No. 6, pp. 733-745.

  • Ghandeharizadeh S, Song S, and Krishnamachari B (2004), ‘Placement of continuous media in wireless peer-to-peer networks’, Proceedings of International Conference on Transactions Multimedia, Vol. 6, Issue 2, pp. 335-342.

  • Giaffreda (2001), ‘Name resolving and routing in mobile networks’, Proceedings of 2nd International Conference on 3G Mobile Communication Technologies, pp.191-195.

  • Govindan R, Estrin D, and Silva F (2003), ‘Directed Diffusion for Wireless Sensor Networking’, IEEE Journal on Transactions of Networking, Vol. 11, No. 1, pp. 2-16.

  • Haas, and Pearlman (2001), ‘The performance of query control schemes for the zone routing protocol’, ACM Journal on Transactions of Networking, Vol. 9, No. 4, pp. 427-438.

  • Haim Zlatokrilov, and Hanoch Levy (2008), ‘Area avoidance routing in Distance-Vector networks’, IEEE Journal on Communication Society 2008, pp. 1148-1156.

  • Heinzelman W, Kulik J, and Balakrishnan H (1999), ‘Adaptive protocols for Information Dissemination in Wireless Sensor Networks’, Proceedings of International Conference on Mobile Communication, pp. 174-185.

  • Huayang Cao, Miao Wang, Xiaoqiang Wang, and Peidong Zhu (2009), ‘A Packet-based Anomaly Detection Model for Inter-domain Routing’, Proceedings of International Conference on Networking, Architecture, and Storage, pp.192-195.

  • HuBaux, Buttyan, and Capkun (2001), ‘The quest for security in mobile ad hoc networks’, Proceedings of International Conference on Mobile host Communication, pp. 146-155.

  • Jaideep Chandrashekar, Zhenhai Duan, and Xin Yuan (2006), ‘Controlling Inter-Domain Packet Filters to Control IP Spoofing Based on BGP Updates’, IEEE Journal on Communications Society, pp.341-352.

  • Jayanth, and Bharghavan (1998), ‘Performance of transport protocols over a multicasting based architecture for Internet host mobility’, IEEE Journal on Communication Society 1998, pp. 1817-1823.

  • Jingyuan Li, Liusheng Huang, Weijia Jia, Mingjun Xiao, and Peng Du (2006), ‘Systems on the basis of WiMAX and Wi-Fi’, IEEE Journal on Communication Society, pp. 819-824.

  • Jirapummin C, Wattanapongsakorn N, and Kanthamanon P (2002), ‘Hybrid neural networks for intrusion detection system’, Proceedings of International Conference on Circuits, Computers and Communications, pp. 928-931.

  • Johnson D, Maltz A, and Broch J (2001), ‘DSR: The Dynamic Source Routing Protocol for Multi-hop Wireless Ad hoc Networks’, IEEE Journal on Ad hoc Networking, pp. 139-152.


Abstract Views: 240

PDF Views: 2




  • Optimization of Recent Attacks Using Internet Protocol

Abstract Views: 240  |  PDF Views: 2

Authors

Abstract


The Internet threat monitoring (ITM) systems have been deployed to detect widespread attacks on the Internet in recent years. However, the effectiveness of ITM systems critically depends on the confidentiality of the location of their monitors. If adversaries learn the monitor locations of an ITM system, they can bypass the monitors and focus on the uncovered IP address space without being detected. In this paper, we study a new class of attacks, the invisible LOCalization (iLOC) attack. The iLOC attack can accurately and invisibly localize monitors of ITM systems. In the iLOC attack, the attacker launches low-rate port-scan traffic, encoded with a selected pseudo noise code (PN-code), to targeted networks. While the secret PN-code is invisible to others, the attacker can accurately determine the existence of monitors in the targeted networks based on whether the PN-code is embedded in the report data queried from the data center of the ITM system. We formally analyze the impact of various parameters on attack effectiveness. We implement the iLOC attack and conduct the performance evaluation on a real-world ITM system to demonstrate the possibility of such attacks. We also conduct extensive simulations on the iLOC attack using real-world traces. Our data show that the iLOC attack can accurately identify monitors while being invisible to ITM systems. Finally, we present a set of guidelines to counteract the iLOC attack.

Keywords


Internet Threat Monitoring, Invisible Localization Attack, PN-code, Security, Attack Traffic, Traffic Rate

References