A cooperative IDS approach against MPTCP attacks

Authors
Barksdale, Warren L., III
Subjects
MPTCP
IDS
Distributed IDS
IPS
Advisors
Xie, Geoffrey G.
Date of Issue
2017-06
Date
Jun-17
Publisher
Monterey, California: Naval Postgraduate School
Abstract
Recent thesis work by a Naval Postgraduate School graduate has proven that intrusion detection systems (IDS) can be defeated by leveraging Multipath Transmission Control Protocol (MPTCP). Furthermore, the ability to enhance a single IDS to better detect and defend against attacks leveraging MPTCP was presented. However, large organizations and entities have multiple IDSs that may not communicate or share connection information. We assume an attacker will launch an attack that leverages MPTCP's ability to connect a source and destination over multiple paths, and that the paths intentionally traverse through different IDSs on the target's network. We validate related work regarding enhancing an IDS to reconstruct MPTCP subflows and detect malicious content. Next, we build physical testbeds in order to present a methodology that allows distributed IDSs (DIDS) to cooperate in a manner that permits effective detection of such attacks.
Type
Thesis
Department
Computer Science (CS)
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.