A cooperative IDS approach against MPTCP attacks
Barksdale, Warren L., III
Xie, Geoffrey G.
Recent thesis work by a Naval Postgraduate School graduate has proven that intrusion detection systems (IDS) can be defeated by leveraging Multipath Transmission Control Protocol (MPTCP). Furthermore, the ability to enhance a single IDS to better detect and defend against attacks leveraging MPTCP was presented. However, large organizations and entities have multiple IDSs that may not communicate or share connection information. We assume an attacker will launch an attack that leverages MPTCP's ability to connect a source and destination over multiple paths, and that the paths intentionally traverse through different IDSs on the target's network. We validate related work regarding enhancing an IDS to reconstruct MPTCP subflows and detect malicious content. Next, we build physical testbeds in order to present a methodology that allows distributed IDSs (DIDS) to cooperate in a manner that permits effective detection of such attacks.
Rights: This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.