Abstract
Internet Threat Monitoring (ITM) systems are a widely deployed facility to detect, analyze, and characterize dangerous Internet threats such as worms and distributed denial-of-service (DDoS) attacks. Nonetheless, an ITM system can also become the target of attack. In this paper, we address localization attacks against ITM systems in which an attacker impairs the effectiveness of ITM systems by identifying the locations of ITM monitors. We propose an information-theoretic framework for the modeling of localization attacks as communication channels. Based on the information-theoretic model, we generalize all existing attacks as "temporal attacks", derive closed formulae of their performance, and propose an effective detection approach. The information-theoretic model also inspires a new attack called a spatial attack and motivates the corresponding detection approach. We show simulation results that support our theoretic findings.
Original language | English (US) |
---|---|
Pages | 356-365 |
Number of pages | 10 |
DOIs | |
State | Published - 2008 |
Event | 2008 International Conference on Dependable Systems and Networks, DSN-2008 - Anchorage, AK, United States Duration: Jun 24 2008 → Jun 27 2008 |
Other
Other | 2008 International Conference on Dependable Systems and Networks, DSN-2008 |
---|---|
Country/Territory | United States |
City | Anchorage, AK |
Period | 6/24/08 → 6/27/08 |
All Science Journal Classification (ASJC) codes
- Software
- Hardware and Architecture
- Computer Networks and Communications