Sciweavers

INFOCOM
2008
IEEE

iLOC: An invisible LOCalization Attack to Internet Threat Monitoring Systems

13 years 10 months ago
iLOC: An invisible LOCalization Attack to Internet Threat Monitoring Systems
—In this paper, we study a new class of attacks, the invisible LOCalization (iLOC) attack, which can accurately and invisibly localize monitors of Internet threat monitoring (ITM) systems, a class of widely deployed facilities to characterize Internet threats, such as worm propagation, denial-of-service (DoS) attacks. In the iLOC attack, the attacker launches low-rate port-scan traffic, encoded with a selected pseudo-noise code (PNcode), to targeted networks. While the secret PN-code is invisible to others, the attacker can accurately determine the existence of monitors in the targeted networks based on whether the PN-code is embedded in the report data queried from the data center of the ITM system. We conduct extensive simulations on the iLOC attack using real-world traces. Our data demonstrate that the iLOC attack can accurately identify monitors while remaining invisible to the ITM. Finally, we present a set of guidelines to counteract the iLOC attack.
Xun Wang, Wei Yu, Xinwen Fu, Dong Xuan, Wei Zhao
Added 31 May 2010
Updated 31 May 2010
Type Conference
Year 2008
Where INFOCOM
Authors Xun Wang, Wei Yu, Xinwen Fu, Dong Xuan, Wei Zhao
Comments (0)