On the Resilience of Network-based Moving Target Defense Techniques Against Host Profiling Attacks

Authors: Michal Piskozub, Riccardo Spolaor, Mauro Conti, Ivan Martinovic

DOI: 10.1145/3338468.3356825

Keywords: F1 score, Moving target defense, Flow network, Computer security, Robustness (computer science), Identifier, Computer science

Abstract: Researchers propose Moving Target Defense (MTD) strategies for networking infrastructures as a countermeasure to impede attackers from identifying and exploiting vulnerable network hosts. In this paper, we investigate the weaknesses of Network-based MTD (NMTD) against passive host profiling attacks. In particular, we consider periodic and reactive approaches that change hosts' identifiers. To evaluate the capabilities of such an attack, we design Hostbuster, a tool that re-identifies hosts based on flow data. We experimentally evaluate its effectiveness using real-world traffic from the University of Oxford. We show the robustness of the learned profiles, which remain valid for more than two months. On average, our experiments result in 80% classification performance as given by the F1 score. Based on these analyses, we provide guidelines to strengthen these NMTD types.
