Title: A practical study on noise-tolerant PN code-based localisation attacks to internet threat monitors
Authors: Masaki Narita; Bhed Bahadur Bista; Toyoo Takata
Addresses: Graduate School of Software and Information Science, Iwate Prefectural University, 152-52 Sugo, Takizawa, Iwate 020-0193, Japan; Graduate School of Software and Information Science, Iwate Prefectural University, 152-52 Sugo, Takizawa, Iwate 020-0193, Japan; Graduate School of Software and Information Science, Iwate Prefectural University, 152-52 Sugo, Takizawa, Iwate 020-0193, Japan
Abstract: Internet threat monitoring systems are studied and developed to understand malicious activity on the Internet. However, attackers are known to devise techniques that locate the sensors that make up a monitoring system. Such a technique is called a localization attack on Internet threat monitors. If attackers can detect sensors, they can evade them when they initiate malicious activities. The latest method can detect sensors with a lower probing traffic volume than the previous one because it adopts a PN (Pseudo Noise) code-based scheme inspired by spread spectrum technology. However, when other monitoring packets interfere as strong noise, the detection accuracy of the method decreases. For this reason, we need to prepare carefully under the assumption that attackers will improve the PN code-based method to boost its resistance to strong noise by exploiting multiple ports, rather than a single port, to detect a sensor. Therefore, we devised a noise-tolerant PN code-based localization attack from the attacker's standpoint for security research. Performance evaluation was conducted on a real Internet monitoring dataset obtained in different periods of time. In this paper, we show the detection accuracy and stealthiness of our devised method compared with the existing one.
Keywords: internet threats; threat monitoring; localisation attacks; pseudo noise code; noise tolerance; detection accuracy; network threats; malicious activities; network security; performance evaluation.
International Journal of Space-Based and Situated Computing, 2013 Vol.3 No.4, pp.215 - 226
Received: 17 Jul 2013
Accepted: 23 Sep 2013
Published online: 18 Dec 2013