• DocumentCode
    2075921
  • Title

    On effective localization attacks against Internet Threat monitors

  • Author

    Wei Yu ; Sixiao Wei ; Guanhui Ma ; Xinwen Fu ; Nan Zhang

  • fYear
    2013
  • fDate
    9-13 June 2013
  • Firstpage
    2011
  • Lastpage
    2015
  • Abstract
    Internet Threat Monitoring (ITM) systems have been widely deployed to detect and characterize dangerous Internet global threats such as botnet and malware propagation. Nonetheless, the effectiveness of ITM systems largely depends on the confidentiality of their monitor locations. In this paper, we investigate localization attacks aiming to identify ITM monitor location and propose the formal model of such attacks using communication channel theory. We also develop novel techniques that significantly increase the accuracy, efficiency, and secrecy of ITM localization attacks. Specifically, we introduce (i) a frequency-based modulation technique to effectively reduce the interference from the background traffic and achieve a high attack accuracy, (ii) both time and space hopping techniques to randomize signal pattern and make the attack hard to detect by the defender, and (iii) Multiple Input and Multiple Output (MIMO) based techniques to increase the attack efficiency of identifying multiple monitors simultaneously. We derive closed formulae for the performance analysis of our proposed techniques and conduct extensive simulations. Our data validate our theoretical findings and demonstrate that the adversary can identify ITM monitors accurately, efficiently, and secretly.
  • Keywords
    Internet; MIMO communication; invasive software; modulation; telecommunication traffic; ITM localization attack secrecy; ITM monitor location; ITM systems; Internet threat monitoring; MIMO based techniques; background traffic; communication channel theory; effective localization attacks; frequency-based modulation technique; interference; malware propagation; multiple input multiple output; randomize signal pattern; space hopping techniques; time hopping techniques; Accuracy; Frequency modulation; Internet; MIMO; Monitoring; Ports (Computers);
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Communications (ICC), 2013 IEEE International Conference on
  • Conference_Location
    Budapest
  • ISSN
    1550-3607
  • Type

    conf

  • DOI
    10.1109/ICC.2013.6654820
  • Filename
    6654820