Vulnerabilities of passive internet threat monitors

Authors: Yoichi Shinoda, Ko Ikai, Motomu Itoh

Abstract: Passive Internet monitoring is a powerful tool for measuring and characterizing interesting network activity like worms or distributed denial of service attacks. By employing statistical analysis on the captured network traffic, Internet threat monitors gain valuable insight into the nature of Internet threats. In the past, these threat monitors have been successfully used not only to detect DoS attacks or worm outbreaks but also to monitor worm propagation trends and other malicious activities on the Internet. Today, passive Internet threat monitors are widely recognized as an important technology for detecting and understanding anomalies on the Internet in a macroscopic way. Unfortunately, monitors that publish their results on the Internet provide a feedback loop that can be used by adversaries to deduce a monitor's sensor locations. Knowledge of a monitor's sensor location can severely reduce its functionality, as the captured data may have been tampered with and can no longer be trusted. This paper describes algorithms for detecting which address spaces an Internet threat monitor listens to and presents empirical evidence that they are successful in locating the sensor positions of monitors deployed on the Internet. We also present solutions to make passive Internet threat monitors "harder to detect".
