TY - GEN
T1 - On effective localization attacks against Internet Threat monitors
AU - Yu, Wei
AU - Wei, Sixiao
AU - Ma, Guanhui
AU - Fu, Xinwen
AU - Zhang, Nan
PY - 2013
Y1 - 2013
N2 - Internet Threat Monitoring (ITM) systems have been widely deployed to detect and characterize dangerous Internet global threats such as botnet and malware propagation. Nonetheless, the effectiveness of ITM systems largely depends on the confidentiality of their monitor locations. In this paper, we investigate localization attacks aiming to identify ITM monitor location and propose the formal model of such attacks using communication channel theory. We also develop novel techniques that significantly increase the accuracy, efficiency, and secrecy of ITM localization attacks. Specifically, we introduce (i) a frequency-based modulation technique to effectively reduce the interference from the background traffic and achieve a high attack accuracy, (ii) both time and space hopping techniques to randomize signal pattern and make the attack hard to detect by the defender, and (iii) Multiple Input and Multiple Output (MIMO) based techniques to increase the attack efficiency of identifying multiple monitors simultaneously. We derive closed formulae for the performance analysis of our proposed techniques and conduct extensive simulations. Our data validate our theoretical findings and demonstrate that the adversary can identify ITM monitors accurately, efficiently, and secretly.
AB - Internet Threat Monitoring (ITM) systems have been widely deployed to detect and characterize dangerous Internet global threats such as botnet and malware propagation. Nonetheless, the effectiveness of ITM systems largely depends on the confidentiality of their monitor locations. In this paper, we investigate localization attacks aiming to identify ITM monitor location and propose the formal model of such attacks using communication channel theory. We also develop novel techniques that significantly increase the accuracy, efficiency, and secrecy of ITM localization attacks. Specifically, we introduce (i) a frequency-based modulation technique to effectively reduce the interference from the background traffic and achieve a high attack accuracy, (ii) both time and space hopping techniques to randomize signal pattern and make the attack hard to detect by the defender, and (iii) Multiple Input and Multiple Output (MIMO) based techniques to increase the attack efficiency of identifying multiple monitors simultaneously. We derive closed formulae for the performance analysis of our proposed techniques and conduct extensive simulations. Our data validate our theoretical findings and demonstrate that the adversary can identify ITM monitors accurately, efficiently, and secretly.
UR - http://www.scopus.com/inward/record.url?scp=84891358190&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84891358190&partnerID=8YFLogxK
U2 - 10.1109/ICC.2013.6654820
DO - 10.1109/ICC.2013.6654820
M3 - Conference contribution
AN - SCOPUS:84891358190
SN - 9781467331227
T3 - IEEE International Conference on Communications
SP - 2011
EP - 2015
BT - 2013 IEEE International Conference on Communications, ICC 2013
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2013 IEEE International Conference on Communications, ICC 2013
Y2 - 9 June 2013 through 13 June 2013
ER -