Abstrakt | Cyber-attacks are steadily increasing in both their
size and sophistication. To cope with this, Intrusion Detection
Systems (IDSs) are considered mandatory for the protection
of critical infrastructure. Furthermore, research is currently
focusing on collaborative architectures for IDSs, creating a
Collaborative IDS (CIDS). In such a system a number of IDS
monitors work together towards creating a holistic picture of
the monitored network. Nevertheless, a class of attacks exists,
called probe-response, which can assist adversaries to detect
the network position of CIDS monitors. This can significantly
affect the advantages of a CIDS. In this paper, we introduce
PREPARE, a framework for deploying probe-response attacks
and also for studying methods for their mitigation. Moreover,
we present significant improvements on both the effectiveness
of probe-response attacks as well as on mitigation techniques
for detecting them. We evaluate our approach via an extensive
simulation and a real-world attack deployment that targets two
CIDSs. Our results show that our framework can be practically
utilized, that our proposals significantly improve probe-response
attacks and, lastly, that the introduced detection and mitigation
techniques are effective. |
---|