Title :
A Cross-protocol approach to detect TCP Hijacking attacks
Author :
Barry, Bazara I A ; Chan, H. Anthony
Author_Institution :
Dept. of Electr. Eng., Univ. of Cape Town, Cape Town, South Africa
Abstract :
More efficient intrusion detection systems (IDSs) have become a necessity because the nature of Internet attacks and the methods used by attackers are changing significantly. Many recent attacks take advantage of more than one protocol at a time, which results in poor detection accuracy in traditional IDSs. In this paper, we propose a novel design and implementation of a TCP extended finite state machine with TCP hijacking in mind. Our design is based on a cross-protocol detection mechanism which assists the TCP detection module with information from other protocols involved (especially IP), and makes TCP parameters available for other protocols participating in the session. The way our system is designed enables it to help a wide range of applications that use the TCP protocol to detect session attacks. The system is tested with TCP hijacking attacks among others and shows promising detection accuracy.
Keywords :
Internet; finite state machines; security of data; transport protocols; Internet attacks; TCP Hijacking attacks detection; TCP protocol; cross-protocol approach; extended finite state machine; intrusion detection systems; Automata; Cities and towns; IP networks; Internet telephony; Intrusion detection; Monitoring; Phase detection; Protocols; Signal processing; TCPIP; Cross protocol; extended finite state machines; finite state machines; intrusion detection
Conference_Title :
Signal Processing and Communications, 2007. ICSPC 2007. IEEE International Conference on
Conference_Location :
Dubai
Print_ISBN :
978-1-4244-1235-8
Electronic_ISBN :
978-1-4244-1236-5
DOI :
10.1109/ICSPC.2007.4728254