Title: A practical study on noise-tolerant PN code-based localisation attacks to internet threat monitors

Authors: Masaki Narita; Bhed Bahadur Bista; Toyoo Takata

Addresses: Graduate School of Software and Information Science, Iwate Prefectural University, 152-52 Sugo, Takizawa, Iwate 020-0193, Japan; Graduate School of Software and Information Science, Iwate Prefectural University, 152-52 Sugo, Takizawa, Iwate 020-0193, Japan; Graduate School of Software and Information Science, Iwate Prefectural University, 152-52 Sugo, Takizawa, Iwate 020-0193, Japan

Abstract: Internet threat monitoring systems are studied and developed to comprehend malicious activities on the Internet. On the other hand, it is known that attackers devise a technique that locates the deployment of the sensors that constitute the monitoring system. This technique is called a localization attack on Internet threat monitors. If attackers can detect sensors, they can evade them when they initiate malicious activities. The latest method can detect sensors with low probing traffic volume compared with the previous one because it adopts a PN (Pseudo Noise) code-based scheme inspired by spread spectrum technology. However, when other monitoring packets interfere as strong noise, the detection accuracy of the method decreases. For this reason, we need to make elaborate preparations under the assumption that attackers improve the PN code-based method to boost resistance to strong noise by exploiting multiple ports, rather than a single port, for detecting a sensor. Therefore, we devised the noise-tolerant PN code-based localization attack from the standpoint of attackers for security research. Performance evaluation was conducted based on the real Internet monitoring dataset obtained in different periods of time. In this paper, we show the detection accuracy and the stealthiness of our devised method compared with the existing one.

Keywords: internet threats; threat monitoring; localisation attacks; pseudo noise code; noise tolerance; detection accuracy; network threats; malicious activities; network security; performance evaluation.

DOI: 10.1504/IJSSC.2013.058373

International Journal of Space-Based and Situated Computing, 2013 Vol.3 No.4, pp.215 - 226

Received: 17 Jul 2013
Accepted: 23 Sep 2013

Published online: 18 Dec 2013