Аннотация
Localization attacks, in which IP addresses located as sensors comprising Darknet systems are detected, are well-known. Attackers can detect sensors in secret by sending probing traffic with concealed signals to the target network. In response to this, we have developed countermeasures using a dynamic monitoring method, in which there is a dynamic switchover of sensors reflected in the published monitoring results. In this study, we will consider a case wherein the attacker is attempting to embed concealed signals between multiple ports within one sensor. Therefore, we propose a countermeasure method in which there is dynamic monitoring of each destination port. In this paper, we have verified the impact on publishable monitoring results when applying the proposed method to the nicter Darknet in Japan.
Описание
In this paper, we envisaged the attacker embedding concealed signals between multiple ports on one sensor for the purpose of detecting sensors on a Darknet monitoring system. We therefore proposed a new countermeasure method that performs dynamic monitoring for each observed port. The application of the proposed method had only a minimal impact on the monitoring of TCP packets. In addition, although there was an impact on the monitoring of UDP packets, the activity could detect obvious attacks, and would likely present no issues in terms of operation. Moving forward, we plan to implement inspection detection attacks embedding concealed signals between multiple ports, to evaluate the protection performance of the proposed method.
Линки и ресурсы
тэги