On localization attacks to Internet Threat Monitors: An information-theoretic framework

Author

Wei Yu ; Zhang, Nan ; Fu, Xinwen ; Bettati, Riccardo ; Zhao, Wei

Author_Institution

Dept. of Comput. Sci., Texas A&M Univ., College Station, TX

fYear

2008

fDate

24-27 June 2008

Firstpage

356

Lastpage

365

Abstract

Internet threat monitoring (ITM) systems are a widely deployed facility to detect, analyze, and characterize dangerous Internet threats such as worms and distributed denial-of-service (DDoS) attacks. Nonetheless, an ITM system can also become the target of attack. In this paper, we address localization attacks against ITM systems in which an attacker impairs the effectiveness of ITM systems by identifying the locations of ITM monitors. We propose an information-theoretic framework for the modeling of localization attacks as communication channels. Based on the information-theoretic model, we generalize all existing attacks as ldquotemporal attacksrdquo, derive closed formulae of their performance, and propose an effective detection approach. The information-theoretic model also inspires a new attack called a spatial attack and motivates the corresponding detection approach. We show simulation results that support our theoretic findings.

Keywords

Internet; information theory; security of data; Internet threat monitors; distributed denial-of-service; information-theoretic framework; localization attacks; Communication channels; Computer crime; Computer science; Computer worms; IP networks; Information analysis; Internet; Monitoring; Telecommunication traffic; Traffic control; Information theory; Internet threat monitoring systems; Localization attack;

fLanguage

English

Publisher

ieee

Conference_Titel

Dependable Systems and Networks With FTCS and DCC, 2008. DSN 2008. IEEE International Conference on

Conference_Location

Anchorage, AK

Print_ISBN

978-1-4244-2397-2

Electronic_ISBN

978-1-4244-2398-9

Type

conf

DOI

10.1109/DSN.2008.4630104

Filename

4630104