Localization Attacks to Internet Threat Monitors: Modeling and Countermeasures Academic Article

abstract

• Internet Threat Monitoring (ITM) systems are a widely deployed facility to detect, analyze, and characterize dangerous Internet threats such as worms and distributed denial-of-service (DDoS) attacks. Nonetheless, an ITM system can also become the target of attacks. In this paper, we address localization attacks against ITM systems in which an attacker impairs the effectiveness of an ITM system by identifying the locations of ITM monitors. We propose an information-theoretic framework that models localization attacks as communication channels. Based on this model, we generalize all existing attacks as "temporal attacks, derive closed formulas of their performance, and propose an effective attack detection approach. The information-theoretic model also inspires a new attack called a spatial attack and motivates the corresponding detection approach. We show simulation results that support our theoretic findings. 2006 IEEE.

authors

• Bettati, Riccardo

published proceedings

• IEEE TRANSACTIONS ON COMPUTERS

author list (cited authors)

• Yu, W., Zhang, N., Fu, X., Bettati, R., & Zhao, W.

citation count

• 13

complete list of authors

• Yu, Wei||Zhang, Nan||Fu, Xinwen||Bettati, Riccardo||Zhao, Wei

publication date

• December 2010

publisher

• Institute of Electrical and Electronics Engineers (IEEE)  Publisher

published in

• IEEE Transactions on Computers  Journal

keywords

• Defense
• Internet Threat Monitoring Systems
• Localization Attack
• Modeling

Digital Object Identifier (DOI)

• 10.1109/TC.2010.88

start page

• 1655

end page

• 1668

volume

• 59

issue

• 12

URL

• http://dx.doi.org/10.1109/tc.2010.88