Distributed Evasive Scan Techniques and Countermeasures
نویسندگان
چکیده
Scan detection and suppression methods are an important means for preventing the disclosure of network information to attackers. However, despite the importance of limiting the information obtained by the attacker, and the wide availability of such scan detection methods, there has been very little research on evasive scan techniques, which can potentially be used by attackers to avoid detection. In this paper, we first present a novel classification of scan detection methods based on their amnesty policy, since attackers can take advantage of such policies to evade detection. Then we propose two novel metrics to measure the resources that an attacker needs to complete a scan without being detected. Next, we introduce z-Scan, a novel evasive scan technique that uses distributed scanning, and show that it is extremely effective against TRW, one of the state-ofthe-art scan detection methods. Finally, we investigate possible countermeasures including hybrid scan detection methods and information-hiding techniques. We provide theoretical analysis, as well as simulation results, to quantitatively measure the effectiveness of the evasive scan techniques and the countermeasures.
منابع مشابه
Security of Countermeasures Against State-of-the-Art Differential Scan Attacks
Test compression schemes have been claimed to provide a certain level of security against scan-based side-channel attacks. To mitigate these attacks, a number of scan attack countermeasures are proposed in the literature. Recently, a new differential scan attack (DSA) is proposed which focuses on the S-box outputs rather than the S-box inputs as in previous attacks. In this paper, a systematic ...
متن کاملFast and Evasive Attacks: Highlighting the Challenges Ahead
Passive network monitors, known as telescopes or darknets, have been invaluable in detecting and characterizing malware outbreaks. However, as the use of such monitors becomes commonplace, it is likely that malware will evolve to actively detect and evade them. This paper highlights the threat of simple, yet effective, evasive attacks that undermine the usefulness of passive monitors. Our resul...
متن کاملA New Scan Attack on RSA in Presence of Industrial Countermeasures
This paper proposes a new scan-based side-channel attack on RSA public-key cryptographic implementations in the presence of advanced Design for Testability (DfT) techniques. The attack is performed on an actual hardware implementation, for which different test scenarios were conceived (response compaction, X-Masking). The practical aspects of scan-based attacks on the RSA cryptosystem are also ...
متن کاملUsing Data Mining Techniques to Understand Collision Processes
In order to improve road safety, it is necessary to better understand collision processes, i.e. the chains of events that lead to collisions. Among the most important benefits, more efficient countermeasures can be found to target causes and factors known to lead to collisions. This would also help develop more reliable surrogate safety measures based on traffic events without a collision that ...
متن کاملJournal of Mobile, Embedded and Distributed Systems, vol. II, no. 1, 2010
This paper presents the main aspects of the digital content security. It describes the content of watermarking, presenting the steganography concept. SteganoGraphy application is presented and the algorithm used is analyzed. Optimization techniques are introduces to minimize the risk of discovering the information embedded into digital content by means of invisible watermarking. Techniques of a...
متن کامل