On effective localization attacks against Internet Threat monitors

Wei Yu, Sixiao Wei, Guanhui Ma, Xinwen Fu, Nan Zhang

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

7 Citations (Scopus)

Abstract

Internet Threat Monitoring (ITM) systems have been widely deployed to detect and characterize dangerous global Internet threats such as botnet and malware propagation. Nonetheless, the effectiveness of ITM systems largely depends on the confidentiality of their monitor locations. In this paper, we investigate localization attacks aiming to identify ITM monitor locations and propose a formal model of such attacks using communication channel theory. We also develop novel techniques that significantly increase the accuracy, efficiency, and secrecy of ITM localization attacks. Specifically, we introduce (i) a frequency-based modulation technique to effectively reduce the interference from background traffic and achieve high attack accuracy, (ii) both time and space hopping techniques to randomize the signal pattern and make the attack hard for the defender to detect, and (iii) Multiple Input and Multiple Output (MIMO) based techniques to increase the attack efficiency of identifying multiple monitors simultaneously. We derive closed formulae for the performance analysis of our proposed techniques and conduct extensive simulations. Our data validate our theoretical findings and demonstrate that the adversary can identify ITM monitors accurately, efficiently, and secretly.

Original language: English (US)
Title of host publication: 2013 IEEE International Conference on Communications, ICC 2013
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 2011-2015
Number of pages: 5
ISBN (Print): 9781467331227
DOIs: https://doi.org/10.1109/ICC.2013.6654820
State: Published - Jan 1 2013
Event: 2013 IEEE International Conference on Communications, ICC 2013 - Budapest, Hungary
Duration: Jun 9 2013 to Jun 13 2013

Publication series

Name: IEEE International Conference on Communications
ISSN (Print): 1550-3607

Other

Other: 2013 IEEE International Conference on Communications, ICC 2013
Country: Hungary
City: Budapest
Period: 6/9/13 to 6/13/13

Fingerprint

Computer monitors
Internet
Monitoring
Computer systems
Modulation

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Electrical and Electronic Engineering

Cite this

Yu, W., Wei, S., Ma, G., Fu, X., & Zhang, N. (2013). On effective localization attacks against Internet Threat monitors. In 2013 IEEE International Conference on Communications, ICC 2013 (pp. 2011-2015). [6654820] (IEEE International Conference on Communications). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/ICC.2013.6654820