Attacks against intrusion detection networks: evasion, reverse engineering and optimal countermeasures

Author: Sergio Pastrana Portillo

Abstract: Intrusion Detection Networks (IDNs) constitute a primary element in current cyberdefense systems. IDNs are composed of different nodes distributed among the network infrastructure, performing functions such as local detection (mostly by Intrusion Detection Systems, IDS), information sharing with other nodes of the IDN, and aggregation and correlation of data from different sources. Overall, they are able to detect attacks taking place at large scale or in different parts of the network simultaneously. IDNs have become themselves the target of advanced cyberattacks aimed at bypassing the security barrier they offer, thus gaining control of the protected system. In order to guarantee the security and privacy of the systems being protected and of the IDN itself, it is required to design resilient architectures for IDNs capable of maintaining a minimum level of functionality even when certain nodes are bypassed, compromised, or rendered unusable. Research in this field has traditionally focused on designing robust detection algorithms for IDS. However, almost no attention has been paid to analyzing the security of the overall IDN. This Thesis provides various contributions to this research, grouped into two main blocks. The first two contributions analyze proposals for IDS against specific attacks, while the third and fourth provide mechanisms for IDNs that remain resilient in the presence of adversaries. In the first contribution, we propose evasion and reverse engineering attacks against anomaly detectors that use classification algorithms as their core engine. These detectors have been widely studied in the field and are generally claimed to be both effective and efficient. However, they do not consider the potential behaviors incurred by adversaries to decrease the effectiveness and efficiency of the detection process. We demonstrate, using well-known intrusion detectors, that they are vulnerable, which makes these detectors inappropriate for real environments. The second contribution discusses randomization as a countermeasure for anomaly detectors. Recent works have proposed the use of secret (random) information to hide the detection surface, making evasion harder for an adversary. We present an attack based on query-response analysis showing that randomization does not provide security. Our target is Anagram, a popular application-layer anomaly detector based on randomized n-gram analysis. We show how an adversary can first discover the randomization used by querying the detector with carefully constructed payloads, and then evade the detector.
The difficulties found in properly addressing these attacks motivate the need to protect IDNs globally, assuming the possibility that some nodes may be compromised, and devising ways of allocating countermeasures optimally. To do so, it is essential to model the IDN and the adversarial capabilities. In this Thesis, an IDN is conceptually viewed as a system whose connections and internal components determine the architecture of the global defense network. Such an abstraction covers a number of existing IDNs. Furthermore, we also develop an adversarial model that builds on the classical capabilities defined for communication networks and allows specifying complex attacks against nodes. Finally, this Thesis presents DEFIDNET, a framework to assess the vulnerabilities of IDNs, the threats to which they are exposed, and the optimal countermeasures that minimize risk considering possible economic and operational constraints. The framework uses the system and adversarial models developed earlier, together with a rating procedure that evaluates the propagation of a particular attack throughout the entire IDN and estimates the impact of defensive actions according to different strategies. The assessment then searches for countermeasures in terms of the cost involved and the amount of mitigated risk. This is done using multi-objective optimization algorithms, offering the analyst sets of solutions that could be applied in different scenarios.
