A Cooperative IDS Approach Against MPTCP Attacks

Abstract

Recent thesis work by a Naval Postgraduate School graduate has proven that intrusion detection systems (IDS) can be defeated by leveraging Multipath Transmission Control Protocol (MPTCP). Furthermore, the ability to enhance a single IDS to better detect and defend against attacks leveraging MPTCP was presented. However, large organizations and entities have multiple IDSs that may not communicate or share connection information. We assume an attacker will launch an attack that leverages MPTCP's ability to connect a source and destination over multiple paths, and that the paths intentionally traverse different IDSs on the target's network. We validate related work regarding enhancing an IDS to reconstruct MPTCP subflows and detect malicious content. Next, we build physical testbeds in order to present a methodology that allows distributed IDSs (DIDS) to cooperate in a manner that permits effective detection of such attacks.

Document Details

Document Type: Technical Report
Publication Date: Jun 01, 2017
Accession Number: AD1046295

Entities

People

  • Warren III L. Barksdale

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Cyber
  • Energy and Power Technologies
  • Engineered Resilient Systems

DTIC Thesaurus Topics

  • Computer Programs
  • Computer Science
  • Computers
  • Detection
  • Detectors
  • Energy Consumption
  • Graphical User Interface
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Network Protocols
  • Operating Systems
  • Sensor Networks
  • Shell Scripts
  • Virtual Machines
  • Wireless Computer Networks
  • Wireless Sensor Networks

Fields of Study

  • Computer science

Readers

  • Computer Networking
  • Sensor Fusion and Tracking Systems