Mapping internet sensors with probe response attacks

Authors: Mary Vernon, Jason Franklin, John Bethencourt

Abstract: Internet sensor networks, including honeypots and log analysis centers such as the SANS Internet Storm Center, are used as a tool to detect malicious Internet traffic. For maximum effectiveness, such networks publish public reports without disclosing sensor locations, so that the Internet community can take steps to counteract the malicious traffic. Maintaining sensor anonymity is critical because if the set of sensors is known, a malicious attacker could avoid the sensors entirely or could overwhelm the sensors with errant data. Motivated by the growing use of Internet sensors as a tool to monitor Internet traffic, we show that networks that publicly report statistics are vulnerable to intelligent probing to determine the location of sensors. In particular, we develop a new "probe response" attack technique with a number of optimizations for locating the sensors in currently deployed Internet sensor networks and illustrate the technique for a specific case study that shows how the attack would locate the sensors of the SANS Internet Storm Center using the published data from those sensors. Simulation results show that the attack can determine the identity of the sensors in this and other sensor networks in less than a week, even under a limited adversarial model. We detail critical vulnerabilities in several current anonymization schemes and demonstrate that we can quickly and efficiently discover the sensors even in the presence of sophisticated anonymity preserving methods such as prefix-preserving permutations or Bloom filters. Finally, we consider the characteristics of an Internet sensor which make it vulnerable to probe response attacks and discuss potential countermeasures.
