A cooperative IDS approach against MPTCP attacks
Barksdale, Warren L., III
Xie, Geoffrey G.
Recent thesis work by a Naval Postgraduate School graduate has proven that intrusion detection systems (IDS) can be defeated by leveraging Multipath Transmission Control Protocol (MPTCP). Furthermore, the ability to enhance a single IDS to better detect and defend against attacks leveraging MPTCP was presented. However, large organizations and entities have multiple IDSs that may not communicate or share connection information. We assume an attacker will launch an attack that leverages MPTCP's ability to connect a source and destination over multiple paths, and that the paths intentionally traverse different IDSs on the target's network. We validate related work regarding enhancing an IDS to reconstruct MPTCP subflows and detect malicious content. Next, we build physical testbeds in order to present a methodology that allows distributed IDSs (DIDS) to cooperate in a manner that permits effective detection of such attacks.
Approved for public release; distribution is unlimited