TY - JOUR
T1 - Localization attacks to internet threat monitors
T2 - Modeling and countermeasures
AU - Yu, Wei
AU - Zhang, Nan
AU - Fu, Xinwen
AU - Bettati, Riccardo
AU - Zhao, Wei
N1 - Funding Information:
The authors thank the anonymous reviewers for their invaluable feedback. This work was supported in part by the US National Science Foundation (NSF) under grants 0943479, 0907964, 0852673, 0852674, 0845644, 0915834, 0808419, 0324988, 0721571, 0329181, 0963973, and 0963979 and by the University of Macau, and Macao Science and Technology Development Foundation. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the US National Science Foundation.
PY - 2010
Y1 - 2010
N2 - Internet Threat Monitoring (ITM) systems are a widely deployed facility to detect, analyze, and characterize dangerous Internet threats such as worms and distributed denial-of-service (DDoS) attacks. Nonetheless, an ITM system can also become the target of attacks. In this paper, we address localization attacks against ITM systems in which an attacker impairs the effectiveness of an ITM system by identifying the locations of ITM monitors. We propose an information-theoretic framework that models localization attacks as communication channels. Based on this model, we generalize all existing attacks as "temporal attacks," derive closed formulas of their performance, and propose an effective attack detection approach. The information-theoretic model also inspires a new attack called a spatial attack and motivates the corresponding detection approach. We show simulation results that support our theoretic findings.
AB - Internet Threat Monitoring (ITM) systems are a widely deployed facility to detect, analyze, and characterize dangerous Internet threats such as worms and distributed denial-of-service (DDoS) attacks. Nonetheless, an ITM system can also become the target of attacks. In this paper, we address localization attacks against ITM systems in which an attacker impairs the effectiveness of an ITM system by identifying the locations of ITM monitors. We propose an information-theoretic framework that models localization attacks as communication channels. Based on this model, we generalize all existing attacks as "temporal attacks," derive closed formulas of their performance, and propose an effective attack detection approach. The information-theoretic model also inspires a new attack called a spatial attack and motivates the corresponding detection approach. We show simulation results that support our theoretic findings.
UR - http://www.scopus.com/inward/record.url?scp=78149241149&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=78149241149&partnerID=8YFLogxK
U2 - 10.1109/TC.2010.88
DO - 10.1109/TC.2010.88
M3 - Article
AN - SCOPUS:78149241149
SN - 0018-9340
VL - 59
SP - 1655
EP - 1668
JO - IEEE Transactions on Computers
JF - IEEE Transactions on Computers
IS - 12
M1 - 5453347
ER -