Countermeasures against Darknet Localisation Attacks with Packet Sampling

Masaki Narita, Keisuke Kamada, Kanayo Ogura, Bhed Bahadur Bista, Toyoo Takata

Abstract


The darknet monitoring system consists of network sensors widely deployed on the Internet to capture incoming unsolicited packets.
A goal of this system is to analyse captured malicious packets and provide effective information to protect regular non-malicious Internet users from malicious activities.
To provide effective and reliable information, the location of sensors must be concealed.
However, attackers launch localisation attacks to detect sensors in order to evade them.
If the actual location of sensors is revealed, it is almost impossible to identify the latest tactics used by attackers.
Thus, in a previous study, we proposed a packet sampling method, which samples incoming packets based on an attribute of the packet sender, to increase tolerance to a localisation attack and maintain the quality of information publicised by the system.
We were successful in countering localisation attacks, which generate spikes on the publicised graph to detect a sensor.
However, in some cases, with the previously proposed sampling method, spikes were clearly evident on the graph.
Therefore, in this paper, we propose advanced sampling methods such that incoming packets are sampled based on multiple attributes of the packet sender.
We present our improved methods and show promising evaluation results obtained via a simulation.


Keywords


Darknet Monitoring, Localisation Attack, Packet Sampling, Security



DOI: http://doi.org/10.11591/ijeecs.v19.i2.pp%25p
Total views : 33 times

Refbacks

  • There are currently no refbacks.


Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

shopify stats IJEECS visitor statistics