Abstract
Localization attacks, in which IP addresses located as sensors comprising Darknet systems are detected, are well-known. Attackers can detect sensors in secret by sending probing traffic with concealed signals to the target network. In response to this, we have developed countermeasures using a dynamic monitoring method, in which there is a dynamic switchover of sensors reflected in the published monitoring results. In this study, we will consider a case wherein the attacker is attempting to embed concealed signals between multiple ports within one sensor. Therefore, we propose a countermeasure method in which there is dynamic monitoring of each destination port. In this paper, we have verified the impact on publishable monitoring results when applying the proposed method to the nicter Darknet in Japan.
Users
Please
log in to take part in the discussion (add own reviews or comments).