On Localization Attacks to Internet Threat Monitors: An Information-Theoretic Framework Conference Paper

abstract

• Internet Threat Monitoring (ITM) systems are a widely deployed facility to detect, analyze, and characterize dangerous Internet threats such as worms and distributed denial-of-service (DDoS) attacks. Nonetheless, an ITM system can also become the target of attack. In this paper, we address localization attacks against ITM systems in which an attacker impairs the effectiveness of ITM systems by identifying the locations of ITM monitors. We propose an information-theoretic framework for the modeling of localization attacks as communication channels. Based on the information-theoretic model, we generalize all existing attacks as "temporal attacks", derive closed formulae of their performance, and propose an effective detection approach. The information-theoretic model also inspires a new attack called a spatial attack and motivates the corresponding detection approach. We show simulation results that support our theoretic findings. 2008 IEEE.

name of conference

• 2008 IEEE International Conference on Dependable Systems and Networks With FTCS and DCC (DSN)

authors

• Bettati, Riccardo

published proceedings

• 2008 IEEE INTERNATIONAL CONFERENCE ON DEPENDABLE SYSTEMS & NETWORKS WITH FTCS & DCC

author list (cited authors)

• Yu, W., Zhang, N., Fu, X., Bettati, R., & Zhao, W.

citation count

• 2

complete list of authors

• Yu, Wei||Zhang, Nan||Fu, Xinwen||Bettati, Riccardo||Zhao, Wei

publication date

• January 2008

publisher

• Institute of Electrical and Electronics Engineers (IEEE)  Publisher

published in

• n1530-0889ISSN  Journal

keywords

• Information Theory
• Internet Threat Monitoring Systems
• Localization Attack

Digital Object Identifier (DOI)

• 10.1109/dsn.2008.4630104

International Standard Book Number (ISBN) 13

• 978-1-4244-2397-2

start page

• 356

end page

• +

URL

• https://ieeexplore.ieee.org/xpl/conhome/4610267/proceeding