Correlating Multi-Session Attacks via Replay
نویسندگان
چکیده
Intrusion analysis is a manual and time-consuming operation today. It is especially challenging because attacks often span multiple sessions which makes it is hard to diagnose all the damage caused by an attack. One approach for determining dependencies between the sessions of an attack is system-call taint analysis, but this method can generate large numbers of false dependencies due to shared objects such as a password file. In this paper, we propose a novel solution to this problem that replays sessions with tainted and untainted inputs and reasons about multisession dependencies by comparing the session’s outputs in the two cases. We present some initial experiments that show that this approach is promising and may allow building powerful intrusion analysis and recovery systems.
منابع مشابه
Design guidelines for security protocols to prevent replay & parallel session attacks
This work is concerned with the design of security protocols. These protocols are susceptible to intruder attacks and their security compromised if weaknesses in the protocols' design are evident. In this paper a new analysis is presented on the reasons why security protocols are vulnerable to replay and parallel session attack and based on this analysis a new set of design guidelines to ensure...
متن کاملA n2+n MQV key agreement protocol
In this paper, a novel scheme to generate (n 2 + n) common secret keys in one session is proposed, in which two parties can use them to encrypt and decrypt their communicated messages by using symmetric-key cryptosystem. The proposed scheme is based on the difficulty of calculating discrete logarithms problem. All the session keys can be used against the known key attacks, main-in-the middle at...
متن کاملDetecting Replay Attacks by Freshness Annotations
We present a reduction semantics for the LYSA calculus extended with session information and a static analysis for it. If a protocol passes the analysis then it is free of replay attacks.
متن کاملOn Handling Replay Attacks in Intrusion Detection Systems
We propose a method for detecting and analyzing the so-called replay attacks in intrusion detection systems, when an intruder contributes a small amount of hostile actions to a recorded session of a legitimate user or process, and replays this session back to the system. The proposed approach can be applied if an automata-based model is used to describe behavior of active entities in a computer...
متن کاملInterference Mitigation of Replay Attacks in GPS Receiver using of Finite Impulse Response Filter
The vulnerability of civil GPS receiver to interference may be intentional or unintentional. Among all types of interference, replay attack intended as the most dangerous intentional one. The signal structure of replay attack is almost the same with the satellite signal. The interference effects can be reduce with the design of an appropriate filter in the receiver. This paper presents two meth...
متن کامل